The PAT Pool option is available when using dynamic translations. More options become available when enabling this option.

The PAT type can be set to an Address or an interface IP. When using Address, you need to create an object that contains a pool of IP addresses.

Enabling Round Robin Allocation assigns the IPs in the pool evenly. A source port from one IP is allocated, then the next request will take a port from the next IP address, and so on. If not enabled, all ports from one IP are used until they are exhausted. Then, we move on to the next IP in the pool.

By default, the translation table tracks the traffic flow's source port. When using a pool of IPs, the Extend PAT Table option may be useful. This enables Firepower to track the source and destination port in the table. This makes the PAT apply per service, rather than per IP. The purpose of this is to allow more port combinations per IP in the pool, extending the life of the pool. The drawback is that this is more resource intensive. Many application inspections do not work with this option.

With PAT, Threat Defence attempts to keep the same source port after translation. But it's not always going to work, as sometimes the port will have already been taken.
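A simplified model of the PAT pool behaviour described above (round robin, extended table, source-port preservation), as an added example that is not from the original post and is not Cisco's implementation. The `PatPool` class, the four-port range and the documentation addresses are constructed for illustration.

```python
# Constructed sample values: documentation addresses and a tiny port range.
IPS = ["203.0.113.1", "203.0.113.2"]
PORTS = [1024, 1025, 1026, 1027]
WEB, DNS = ("198.51.100.10", 443), ("198.51.100.53", 53)

class PatPool:
    """Toy model of a PAT pool; the allocation rules follow the text above."""

    def __init__(self, ips, ports, round_robin=False, extended=False):
        self.ips, self.ports = list(ips), list(ports)
        self.round_robin, self.extended = round_robin, extended
        self.used = set()  # translation table entries currently in use
        self.cursor = 0    # index of the pool IP the next request starts at

    def _key(self, ip, port, dst):
        # Extended table: the destination service is part of the entry, so
        # one mapped ip:port can be reused towards a different service.
        return (ip, port, dst) if self.extended else (ip, port)

    def _ip_order(self):
        if not self.round_robin:
            return self.ips  # exhaust the first IP before moving to the next
        i, self.cursor = self.cursor, (self.cursor + 1) % len(self.ips)
        return self.ips[i:] + self.ips[:i]  # each request starts one IP later

    def translate(self, src_port, dst):
        """Return the mapped (ip, port), or None when the pool is exhausted."""
        for ip in self._ip_order():
            # Try to keep the original source port, then any free pool port.
            for port in [src_port] + self.ports:
                key = self._key(ip, port, dst)
                if port in self.ports and key not in self.used:
                    self.used.add(key)
                    return ip, port
        return None

def fill(pool, dsts):
    """Open flows to each destination until refused; return how many fit."""
    count = 0
    for dst in dsts:
        while pool.translate(5000, dst) is not None:
            count += 1
    return count

if __name__ == "__main__":
    print("default table :", fill(PatPool(IPS, PORTS), [WEB, DNS]))
    print("extended table:", fill(PatPool(IPS, PORTS, extended=True), [WEB, DNS]))
```

With two destination services the extended table holds twice as many translations from the same pool, at the cost of a larger table key per entry.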