Hey Team! Today we will be looking at a quick “How-To” on how to go about Editing/Deleting NAT rules and Access Control List entries, inside of Cisco Defense Orchestrator for Firepower Management Center. Let’s get to it!
1. Log in to Cisco Defense Orchestrator and navigate to “NAT” on the far right-hand pane.
2. Here, you will see a complete list of all your NAT policies. Locate the NAT policy in question and click on the pencil icon on the far right to edit it, or the trash can icon to delete the entire policy. Please double-check your changes as you go, to avoid deleting something by mistake!
3. Now you are inside the policy itself and can view your entries. You can either edit an entry by clicking the pencil icon on the far right of the rule, or delete an entry completely by clicking the trash can icon, to the right of the pencil.
NOTE: Information has been removed from screenshots for security purposes, but your page will look the same, only with your own environment’s information.
4. One important thing to note when deleting a NAT entry is that you will also need to clean up the Access List: make sure the entry you removed from the NAT policy is also removed from the ACL, so no access-control rule is left permitting traffic for a translation that no longer exists. To do this, continue to the next step!
5. To remove entries from the Access Lists, navigate to “Policies” at the top of the page, and click on “Access Control”.
6. You are now presented with a list of all available Access Control Lists in your environment. Locate the Access Control List you wish to modify and click the pencil icon. NOTE! Clicking the trash icon here will delete the entire policy from this list, so be very careful!
7. As you can see, you are now inside the ACL policy itself, and can now make modifications as you see fit. If you click the pencil icon on any of these rules, you will be redirected to that specific rule.
You can get granular by adding or removing IP addresses, as well as other network-related items, as seen in the tabs in the screenshot below.
On the left-hand side, you can add new Security Zones by clicking the “Create Security Zone Object” hyperlink. On the far right, you can remove “Objects” such as IP addresses, certain protocols, etc. To delete an object, simply hover over the object, and an “X” or “Remove” will appear next to it. Clicking the “X” will remove that entry. Once done editing, click on the blue “Apply” button, on the bottom right hand corner.
Almost done!
Now that we have applied the changes in the NAT policy and the ACL policy sections, we will need to commit these changes. You will notice on the top right of the screen, it will say in red font “You have unsaved changes”. Go ahead and save the changes.
Next, we will want to click “Deploy”.
You will now see a pending deployment. At the far right, you will see a “Preview” icon. It’s a good practice to click on the preview icon to see your changes, BEFORE and AFTER, so you can ensure you made the proper changes, BEFORE deploying.
Once you have confirmed you are happy with the changes made, click deploy! The process may take up to a few minutes. You will know your changes have taken place when you see the GREEN “Completed” status at the far right, like the screenshot below.
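Two of the steps above are really the same check: step 4 says every NAT entry you delete must also be cleaned out of the ACL, and the “Preview” in the deployment step lets you compare BEFORE and AFTER to confirm you did exactly that. The script below is an added example (not CDO/FMC code, and not its API) that does that comparison offline on a constructed set of rules. The rule shapes, names and addresses are all assumptions modelled on what the policy pages display; a real export will look different. It reports which NAT rules were removed and which ACL rules still reference an address that no remaining NAT rule translates, which is exactly the stale entry step 4 warns about.

```python
"""Before/after check for a NAT edit and the matching ACL cleanup.

Added example, not CDO/FMC code or its REST API. Rules are plain
dataclasses with constructed values; adapt the field names to whatever
your own export or ticket system records.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class NatRule:
    name: str
    original_src: str      # real (inside) address
    translated_src: str    # mapped (outside) address


@dataclass(frozen=True)
class AclRule:
    name: str
    source: str
    destination: str
    action: str = "ALLOW"


def rule_diff(before, after):
    """Preview-style comparison by rule name: (removed, added, changed)."""
    b = {r.name: r for r in before}
    a = {r.name: r for r in after}
    removed = sorted(set(b) - set(a))
    added = sorted(set(a) - set(b))
    changed = sorted(n for n in set(a) & set(b) if a[n] != b[n])
    return removed, added, changed


def stale_acl_rules(nat_before, nat_after, acl_after):
    """ACL rules that still reference an address only a deleted NAT rule used.

    An address is 'orphaned' when some removed NAT rule referenced it and no
    surviving NAT rule does. Any ACL rule whose source or destination is an
    orphaned address is the leftover step 4 tells you to remove.
    """
    surviving_names = {r.name for r in nat_after}
    removed_addrs = {
        addr
        for r in nat_before if r.name not in surviving_names
        for addr in (r.original_src, r.translated_src)
    }
    still_used = {addr for r in nat_after for addr in (r.original_src, r.translated_src)}
    orphaned = removed_addrs - still_used
    return [r for r in acl_after if r.source in orphaned or r.destination in orphaned]


def preview_report(nat_before, nat_after, acl_after):
    """Human-readable summary, mirroring what you would eyeball in Preview."""
    removed, added, changed = rule_diff(nat_before, nat_after)
    stale = stale_acl_rules(nat_before, nat_after, acl_after)
    lines = [f"NAT removed: {removed}", f"NAT added: {added}", f"NAT changed: {changed}"]
    if stale:
        lines.append("ACL rules still referencing deleted translations: "
                     + ", ".join(r.name for r in stale))
    else:
        lines.append("ACL cleanup complete: no stale rules found")
    return "\n".join(lines)


# Constructed sample data (203.0.113.0/24 is a documentation range).
NAT_BEFORE = [
    NatRule("web-srv", "10.1.1.10", "203.0.113.10"),
    NatRule("mail-srv", "10.1.1.20", "203.0.113.20"),
]
# The edit: web-srv was deleted in the NAT policy, mail-srv kept.
NAT_AFTER = [NatRule("mail-srv", "10.1.1.20", "203.0.113.20")]
# The ACL after the edit: the inbound web rule was forgotten.
ACL_AFTER = [
    AclRule("allow-web-in", "any", "10.1.1.10"),
    AclRule("allow-mail-in", "any", "10.1.1.20"),
    AclRule("outbound-any", "any", "any"),
]

if __name__ == "__main__":
    print(preview_report(NAT_BEFORE, NAT_AFTER, ACL_AFTER))
```

Run it as-is and it flags `allow-web-in` as the ACL rule that should have gone with the `web-srv` NAT entry; once you remove that rule from `ACL_AFTER` the report says the cleanup is complete. The check is deliberately conservative: it only flags addresses that no surviving NAT rule uses, so an ACL rule for a host that still has another translation is left alone.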
That about wraps it up Team! I hope you found this “How-To” useful!
As always, if you have any questions on any IT solutions set up for you and your business and would like to schedule a free consultation with us, please reach out to us at sales@lookingpoint.com and we’ll be happy to help!
Thank you!
Will Panameno, Network Engineer