Enabling access rules

SR Zak
SR Zak used Ask the Experts™
Dear Experts,

I am at a client location today and they have a local server that will be accessing different sites with various ports. The client has ASA firewall and Cisco Firepower my question is do I add the access rules in Firepower or directly in ASA?

I am always not sure and the client has no preference.

Please let me know from your experience how to tackle this .

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Pete LongTechnical Consultant

If its running ASA code (ie it has a command line, and an ASDM) then you do it on the ASA, if its running FTD code (eeurgh!) then you do it in the FirePOWER Device Manager Console.

Connecting to and Managing Cisco Firewalls

Or the FTD looks like this

SR ZakNetwork Solutions


Hi Pete,

I am using ASA with ASDM and Firepower management console, it is not FTD.
Technical Consultant
OK, I'm assuming you need to access this from outside the firewall? If you have a 'spare' public IP for it to use, then simply create a 'one to one' NAT - and open the ports you require. OR if you DON'T have a spar public IP, then you will need to 'Port Forward' the ports you want opening, from the outside IP of the firewall to the internal host :)
Add a Static (One to One) NAT Translation to a Cisco ASA 5500 Firewall
Cisco Firewall Port Forwarding



Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial