Configure Cisco FTD Port Forwarding (via FDM)

KB ID 0001680

Problem

You have a Cisco FTD device that you manage via FDM, and you would like to set up port forwarding. In the example below I will forward TCP Port 80 (HTTP) traffic from the outside interface of my FTD Device (Firepower 1010) to an internal web server on 10.254.254.212.

Solution (Step 1: Create an FTD NAT Policy)

Using a web browser, connect to the FDM > Policies > NAT > Add.

 

Set the following options;

  • Title: Give the NAT rule a title e.g. Webserver-01
  • Create Rule for: Manual NAT
  • Status: Enable
  • Placement: Above a Specific Rule
  • Rule: InsideOutsideNATRule
  • Type: Static
  • Original Packet: Source Interface: inside
  • Original Packet: Source Address: Select ‘Create New Network’

In the Add new Network Object Window;

  • Name: Name of the server/object you are port forwarding to e.g. Webserver-01
  • Host: IP address of the server/object you are port forwarding to
  • OK

Back at the NAT Rule Window;

  • Source Address: Ensure it’s set to the object you just created
  • Original Packet: Source Port: HTTP (or whatever port you wish to forward) 
  • Translated Packet: Destination Interface: outside
  • Translated Packet: Source Address: Interface
  • Translated Packet: Source Port: HTTP (or whatever port you wish to forward)
  • OK.

Solution (Step 2: Create an FTD Access Control Policy Rule)

Policies > Access Control > Add.

Set the access rule as follows;

  • Title: Give the access rule a title e.g. Webserver-Access
  • Source Zone: outside_zone
  • Source Networks: any-ipv4
  • Source Ports: ANY
  • Destination Zone: inside_zone
  • Destination Networks: The Object you created (above)
  • Destination Ports/Protocols: HTTP
  • OK

You can expand the rule, and see a diagram version if you wish.

Pending Changes > Deploy Now.

Wait! The changes probably haven’t deployed yet; you can check progress by clicking the pending changes button again.
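Once the deployment has finished, it is worth confirming from a host on the outside that TCP port 80 answers and that no other port was opened by mistake. The Python script below is an added example, not part of the original article; the outside address 192.0.2.10 and the list of extra ports to probe are assumed placeholders.

```python
import socket
import time

def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def wait_for_forward(host, port, deadline_s=300, interval_s=10, probe=tcp_open):
    """Poll until the forwarded port answers (deployment can lag), or give up."""
    end = time.monotonic() + deadline_s
    while True:
        if probe(host, port):
            return True
        if time.monotonic() >= end:
            return False
        time.sleep(interval_s)

def audit_exposure(host, forwarded, candidates, probe=tcp_open):
    """Compare what answers on the outside address with what was meant to be forwarded."""
    wanted = set(forwarded)
    reachable = {p for p in set(candidates) | wanted if probe(host, p)}
    return {
        "missing": sorted(wanted - reachable),     # forwarded but not answering
        "unexpected": sorted(reachable - wanted),  # answering but never forwarded
    }

if __name__ == "__main__":
    OUTSIDE_IP = "192.0.2.10"               # placeholder: your FTD outside interface address
    FORWARDED = [80]                        # the HTTP forward from this article
    CANDIDATES = [22, 80, 443, 3389, 8080]  # constructed list of ports worth checking
    if not wait_for_forward(OUTSIDE_IP, 80):
        print("TCP/80 never answered: check the deployment, NAT rule placement and access rule")
    print(audit_exposure(OUTSIDE_IP, FORWARDED, CANDIDATES))
```

Run it from a machine on the outside of the firewall, not from the inside network. A port listed under "unexpected" may be a service the FTD itself offers on that interface rather than a forward, so check it against your configuration before changing anything.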

Related Articles, References, Credits, or External Links

NA

HP / 3COM – Setup the V1910-24G Switch

KB ID 0000495 Dtd 20/08/11

Problem

I was surprised this week when I went to fit one of these switches. I know HP bought 3Com some time ago, but when I popped open the HP box I did not expect to see a 3Com switch.

Anyway, here's a very quick rundown on initial setup (assign IP and secure the system passwords).

Solution

1. On the chassis, locate the sticker with the serial number on it. It will show you the IP address that it's set to by default. This is an IP in the 169.254.x.x range, so provided you have a laptop/PC set up for DHCP, simply connect it to the switch (any port) and you can open a web browser session to it.

2. Default access is user name admin with a blank password.

3. To change the password, select Users > Modify.

4. Select the admin user and change the password below. Note: You can add additional users here as well.

5. To change the management IP address, select Network > VLAN Interface > Modify.

6. Out of the box you will only have one VLAN; change the setting to manual.

7. Set the required IP and Subnet mask > Apply (at this point you will be kicked out of the management console; connect the switch to your live network and you will be able to connect to its new address).

 

Related Articles, References, Credits, or External Links

NA