Cisco Bug: CSCvt85776 - ENH - Warning message for Interface static NAT on FMC

Last Modified

May 26, 2020

Products (1)

  • Cisco Firepower Management Center

Known Affected Releases

6.4.0.7 6.5.0.2 6.6.0

Description (partial)

Symptom:
- Traffic to the affected interface will be redirected
- Dynamic routing will be affected: OSPF will fail on DBD Exchange, and BGP neighbors will not communicate with FTD
- Management access will not be available on the affected interface
- VPN tunnels will not establish on the affected interface

Conditions:
When a static NAT rule that translates to the interface address is configured, no warning message is shown on the FMC.

When the equivalent of the entry below is created in the FMC UI, no alert is shown:

object network obj-192.0.0.0
nat (inside,outside) static interface

The same rule, when configured on an ASA, generates the following alerts:

WARNING: All traffic destined to the IP address of the outside interface is being redirected.
WARNING: Users may not be able to access any service enabled on the outside interface.

Without the warning, a user can mistakenly configure such a rule on the FMC and break services on the affected interface, such as dynamic routing or management access.
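
Until the FMC shows a warning of its own, the deployed configuration can be audited for this rule. The script below is an added example, not Cisco code: it scans ASA/FTD-style running-config text for object NAT rules of the form `static interface` and reports them using the ASA warning wording quoted above. The sample configuration is constructed, and skipping rules that carry a `service` clause is an assumption of this example.

```python
import re

# Constructed sample in running-config style. Only the first two-line rule
# is the one quoted in the bug description; the rest is made up for contrast.
SAMPLE_CONFIG = """\
object network obj-192.0.0.0
 nat (inside,outside) static interface
object network obj-web
 nat (dmz,outside) static interface service tcp 8080 80
object network obj-lan
 nat (inside,outside) dynamic interface
"""

OBJECT_RE = re.compile(r"^object network (\S+)\s*$")
NAT_RE = re.compile(r"^\s*nat \((\S+?),(\S+?)\) static interface\b(.*)$")


def find_interface_static_nat(config_text):
    """Return (object, real_if, mapped_if) for each whole-interface static NAT rule."""
    findings = []
    current_object = None
    for line in config_text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            current_object = m.group(1)
            continue
        m = NAT_RE.match(line)
        if m and current_object:
            # Assumption: a rule limited by a "service" clause redirects a
            # single port, not the whole interface, so it is not reported.
            if "service" in m.group(3).split():
                continue
            findings.append((current_object, m.group(1), m.group(2)))
    return findings


def warnings_for(config_text):
    """Format findings with the wording of the ASA warning quoted on the page."""
    return [
        f"{obj}: All traffic destined to the IP address of the {mapped} "
        f"interface is being redirected."
        for obj, _real, mapped in find_interface_static_nat(config_text)
    ]


if __name__ == "__main__":
    for w in warnings_for(SAMPLE_CONFIG):
        print("WARNING:", w)
```

Only object NAT is covered; manual (twice) NAT rules are not matched by this pattern.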