In this setup I will show you how to configure FTDv using FDM to map custom SSH port 11122 to port 22, to gain access to an SSH client behind the FTDv firewall.

Below is what the setup looks like.

1. Go to Policies, select NAT, and then click the ADD button.

2. Creating the NAT rule in this part is slightly different from the previous tutorial on creating the RDP NAT rule. We will use the logic of Source Address (this is similar to how you configure your FMC NAT rule) vs. Destination Address.

ORIGINAL PACKET

  • Source Interface: inside
  • Source Address: Kali001YT (create an object for the IP, e.g. 172.16.2.198)
  • Source Port: SSH (Port 22)

DESTINATION PACKET

  • Destination Interface: outside
  • Source Address: interface
  • Source Port: CustomSSHYT (create an object for the port, e.g. 11122)

3. Example of creating the Network Object and Port Object.

4. Once the NAT rule is configured, we need to add an Access Control Policy.

Go to Policies -> Access Control tab and click the ADD button.

5. Create a rule to allow outside to inside (Kali Client)

SOURCE

  • Zones: outside_zone
  • Networks: ANY
  • Ports: ANY

DESTINATION

  • Zones: inside_zone
  • Networks: kali001YT (172.16.2.198)
  • Ports: SSH (here we grant access to the actual SSH port 22 instead of port 11122, because the access control rule is matched against the real destination port after NAT has untranslated the packet)

6. Once that is done, deploy the configuration.

You should now be able to connect from the internet to the SSH port of the Kali client behind the FTDv.
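
A post-deployment check for the mapping above, as an added example that is not part of the original tutorial: run from a host on the outside, it confirms that the custom port 11122 on the FTDv outside address returns an SSH identification string and that port 22 on that address does not. The function names, the timeout, and the expectation that port 22 should stay closed on the outside address are assumptions of this example.

```python
import socket

def ssh_banner(host, port, timeout=3.0):
    """Return the SSH identification string served on host:port, or None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = b""
            # RFC 4253 section 4.2: a server may send other lines before "SSH-...".
            while len(data) < 4096:
                chunk = s.recv(256)
                if not chunk:
                    break
                data += chunk
                for line in data.split(b"\n")[:-1]:  # complete lines only
                    if line.startswith(b"SSH-"):
                        return line.rstrip(b"\r").decode("ascii", "replace")
    except OSError:  # refused, unreachable, or timed out
        return None
    return None

def verify_forward(outside_ip, mapped_port=11122, real_port=22, timeout=3.0):
    """Check that only the mapped port answers SSH on the outside address."""
    mapped = ssh_banner(outside_ip, mapped_port, timeout)
    real = ssh_banner(outside_ip, real_port, timeout)
    return {
        "mapped_port_serves_ssh": mapped is not None,
        "banner": mapped,
        # Assumption: port 22 on the outside address should not answer SSH.
        "real_port_exposed": real is not None,
        "ok": mapped is not None and real is None,
    }

if __name__ == "__main__":
    import sys
    if len(sys.argv) != 2:
        sys.exit("usage: verify_forward.py <FTDv outside IP>")
    result = verify_forward(sys.argv[1])
    print(result)
    sys.exit(0 if result["ok"] else 1)
```

If the mapped port times out while the NAT rule is deployed, check that the access control rule references port 22 (the real port) and not 11122.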