Configure Cisco FTD Port Forwarding (via FDM)

KB ID 0001680

Problem

You have a Cisco FTD device that you manage via FDM, and you would like to set up port forwarding. In the example below I will forward TCP Port 80 (HTTP) traffic from the outside interface of my FTD device (Firepower 1010) to an internal web server on 10.254.254.212.

Solution (Step 1: Create an FTD NAT Policy)

Using a web browser, connect to the FDM > Policies > NAT > Add.

Set the following options;

  • Title: Give the NAT rule a title e.g. Webserver-01
  • Create Rule for: Manual NAT
  • Status: Enable
  • Placement: Above a Specific Rule
  • Rule: InsideOutsideNATRule
  • Type: Static
  • Original Packet: Source Interface: inside
  • Original Packet: Source Address: Select ‘Create New Network’

In the Add new Network Object Window;

  • Name: Name of the server/object you are port forwarding to e.g. Webserver-01
  • Host: IP address of the server/object you are port forwarding to
  • OK

Back at the NAT Rule window;

  • Source Address: Ensure it’s set to the object you just created
  • Original Packet: Source Port: HTTP (or whatever port you wish to forward) 
  • Translated Packet: Destination Interface: outside
  • Translated Packet: Source Address: Interface
  • Translated Packet: Source Port: HTTP (or whatever port you wish to forward)
  • OK.

Solution (Step 2: Create an FTD Access Control Policy Rule)

Policies > Access Control > Add.

Set the access rule as follows;

  • Title: Give the access rule a title e.g. Webserver-Access
  • Source Zone: outside_zone
  • Source Networks: any-ipv4
  • Source Ports: ANY
  • Destination Zone: inside_zone
  • Destination Networks: The object you created (above)
  • Destination: Ports/Protocols: HTTP
  • OK

You can expand the rule, and see a diagram version if you wish.

Pending Changes > Deploy Now.

Wait! The changes probably haven’t deployed yet; you can check progress by clicking the pending changes button again.

Related Articles, References, Credits, or External Links

NA

Can I delete _vti_inf.html and the _vti folders?

KB ID 0000742 

Problem

I was doing some site tidying this week. Usually, if I don’t know what something is I leave it alone, but I was on a mission! I had a bunch of files/folders in the root of my website that a) I didn’t know what they were doing, and b) wanted to delete.

File: _vti_inf
Folders: _private, _vti_bin, _vti_cnf, _vti_log, _vti_pvt, _vti_txt

Solution

As it turns out these folders are needed for FrontPage and FrontPage Extensions. I CAN simply delete them, but since my web host provides me with cPanel access to the website, I can simply disable the extensions there, and this removes all the junk for me. (I don’t intend to use FrontPage).

1. Log into cPanel, locate FrontPage Extensions.

2. Uninstall Extensions.

3. You should see something similar.

4. Now we are a bit less cluttered.

Related Articles, References, Credits, or External Links

NA

IIS – ‘This Web site cannot be started. Another Web site may be using the same port’.

KB ID 0000660 

Problem

After being unable to access my Exchange Management console, it turns out the default website had stopped. When I attempted to start it I was greeted with this error.

Solution

1. Nothing was using the usual web ports (80 and 443) which I found out by running the following two commands;

    netstat -aon | find ":80"
    netstat -aon | find ":443"

Note: If you do have a process using these ports, it will be shown with its PID. To find out what that PID is, right click your Taskbar > Launch Task Manager > Processes Tab > View > Select Columns > Turn on the PID column > locate the PID and investigate.

2. My problem was there was a ‘Binding’ to https that had no information in it? Right click the website > Edit Bindings > here you can remove any spurious entries. (Warning: if you’re unsure, document any binding before you remove it – just in case).
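The two steps above combined into one read-only script, added here as an example (it is not from the original article): it resolves whatever is listening on ports 80 and 443 to a process name, then saves every IIS binding to a CSV before you edit anything and flags http/https bindings with missing information. It assumes an elevated Windows PowerShell session with the WebAdministration module available; the variable names and the CSV file name are my own choices.

```powershell
# Added example. Assumes an elevated Windows PowerShell session on the IIS server
# with the WebAdministration module (installed with the IIS management tools).
Import-Module WebAdministration
$ports = 80, 443

# Step 1: the netstat check, matched on the exact port (find ":80" also matches
# :8080) and resolved from PID to process name.
$pattern = '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$'
$listeners = netstat -aon | Select-String -Pattern $pattern | ForEach-Object {
    $g      = $_.Matches[0].Groups
    $procId = [int]$g[3].Value
    $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
    # PID 4 is the System process: the port is held by HTTP.sys (IIS or another HTTP.sys client)
    $name   = if ($procId -eq 4) { 'System (HTTP.sys)' } elseif ($proc) { $proc.ProcessName } else { 'unknown' }
    New-Object PSObject -Property @{
        Address = $g[1].Value; Port = [int]$g[2].Value; ProcId = $procId; Process = $name
    }
} | Where-Object { $ports -contains $_.Port }

if ($listeners) { $listeners | Format-Table Address, Port, ProcId, Process -AutoSize }
else            { Write-Output "Nothing is listening on TCP $($ports -join ' or ')." }

# Step 2: record every binding on every site before touching anything.
$report = Get-ChildItem IIS:\Sites | ForEach-Object {
    $site = $_
    $site.Bindings.Collection | ForEach-Object {
        $info  = [string]$_.bindingInformation
        $isWeb = @('http', 'https') -contains $_.protocol
        New-Object PSObject -Property @{
            Site     = $site.Name
            State    = $site.State
            Protocol = $_.protocol
            Binding  = $info
            # A valid http/https binding reads IP:port:hostname, e.g. "*:443:"
            Suspect  = ($isWeb -and $info -notmatch ':\d+:[^:]*$')
        }
    }
}

# Constructed file name; keep this copy so a removed binding can be recreated.
$backup = Join-Path $env:TEMP 'iis-bindings-before-edit.csv'
$report | Select-Object Site, State, Protocol, Binding, Suspect |
    Export-Csv -Path $backup -NoTypeInformation
Write-Output "Bindings saved to $backup"

# Bindings worth inspecting in Edit Bindings (empty or malformed information).
$report | Where-Object { $_.Suspect } | Format-Table Site, State, Protocol, Binding -AutoSize
```

The script changes nothing; remove any flagged entry through Edit Bindings as described in step 2.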

Related Articles, References, Credits, or External Links

NA