Release Notes

Version 5.2.0.2 Sourcefire 3D System Release Notes
Features Introduced in Previous Versions
Policy-Based NAT
Version 5.2 introduces the ability to create a network address translation (NAT)
policy. A NAT policy determines how the system performs routing with NAT.
You can now create and use both static and dynamic NAT rules for further
flexibility and granular control of NAT configuration. Policy-based NAT supports
the following types of rules:
• static, which provide one-to-one translations on destination networks and
  optionally port and protocol
• dynamic IP, which translate many-to-many source networks, but maintain
  port and protocol
• dynamic IP and port, which translate many-to-one or many-to-many source
  networks and port and protocol
You can configure NAT policies in different ways to manage specific network
needs:
• to expose an internal server to an external network
• to allow an internal host or server to connect to an external application
• to hide private network addresses from an external network by using a
  block of IP addresses
• to hide private network addresses from an external network using a limited
  block of IP addresses and port translation
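The three rule types listed above, modeled as an added Python example (not Sourcefire code and not part of the original release notes). The packet dictionaries, rule fields, address pools, and the pool-exhaustion and port-allocation behavior are assumptions of this model, not documented product behavior.

```python
from ipaddress import ip_address, ip_network

# Generic model of the three rule types; all names and addresses are constructed.

def static_nat(pkt, rule):
    """Static: one-to-one destination translation, optionally on port and protocol."""
    if pkt["dst"] != rule["orig_dst"]:
        return pkt
    if rule.get("orig_port") is not None and \
            (pkt["dport"], pkt["proto"]) != (rule["orig_port"], rule["proto"]):
        return pkt
    return {**pkt, "dst": rule["new_dst"], "dport": rule.get("new_port") or pkt["dport"]}

class DynamicIp:
    """Dynamic IP: many-to-many source translation; port and protocol are kept."""
    def __init__(self, source_net, pool):
        self.net, self.free, self.map = ip_network(source_net), list(pool), {}

    def translate(self, pkt):
        if ip_address(pkt["src"]) not in self.net:
            return pkt
        if pkt["src"] not in self.map:
            if not self.free:
                return None  # assumption of this model: no free address, no translation
            self.map[pkt["src"]] = self.free.pop(0)
        return {**pkt, "src": self.map[pkt["src"]]}

class DynamicIpPort:
    """Dynamic IP and port: source address and source port are both rewritten."""
    def __init__(self, source_net, pool, first_port=1024):
        self.net, self.pool, self.map = ip_network(source_net), list(pool), {}
        self.next_port = first_port

    def translate(self, pkt):
        if ip_address(pkt["src"]) not in self.net:
            return pkt
        key = (pkt["src"], pkt["sport"], pkt["proto"])
        if key not in self.map:  # one mapping per flow, so many hosts can share one address
            self.map[key] = (self.pool[len(self.map) % len(self.pool)], self.next_port)
            self.next_port += 1
        addr, port = self.map[key]
        return {**pkt, "src": addr, "sport": port}

def demo():
    pkts = [{"src": f"10.0.0.{i}", "sport": 40000, "dst": "198.51.100.7",
             "dport": 443, "proto": "tcp"} for i in (1, 2, 3)]
    dyn = DynamicIp("10.0.0.0/24", ["203.0.113.10", "203.0.113.11"])
    pat = DynamicIpPort("10.0.0.0/24", ["203.0.113.20"])
    return [dyn.translate(p) for p in pkts], [pat.translate(p) for p in pkts]
```

In this model, three internal hosts exhaust a two-address dynamic IP pool, while the same three hosts share a single address under dynamic IP and port translation and are distinguished only by the rewritten source port.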
In previous versions, you could configure NAT through device-based NAT rules.
Policy-based NAT replaces that functionality. When you update managed devices
to Version 5.2, the device-based NAT rules for that device (formerly configured
under Devices > Device Management > Edit) become a NAT policy (under the Devices
> NAT tab on the Defense Center) with equivalent rules.
You can use policy-based NAT on Series 3 managed devices with a Control
license enabled.
Clustered Stacking
In addition to the ability to create clustered configurations of managed devices,
you can now establish redundancy of networking functionality and configuration
data between two identically configured peer device stacks. Just as with paired
individual devices in a cluster, clustered stacks provide a backup option if one
stack fails. As in the existing clustering feature, all devices in the configuration
must have identical licenses and must have Control licenses. When you register
or unregister any device in a clustered stack with a Defense Center, the entire
clustered stack is registered or unregistered as a group.
All Series 3 devices that support stacking are supported for this feature. However,
stacked 3D9900 devices are not supported.