topic Re: Import of Office365 URLs and IPs into FMC/FTD2130 ACL(s) in Network Security

Import of Office365 URLs and IPs into FMC/FTD2130 ACL(s)

brian.emil.harris — Fri, 21 Feb 2020 16:22:53 GMT

I need to create an ACL (or multiple ACLs) on my FTD2130 to allow hosts to the huge list of IPs and URLs required for Office365 (located here: https://support.content.office.net/en-us/static/O365IPAddresses.xml )

How can I do this automatically/scriptomatically? I would really prefer not manually entering each IP/range or URL into the ACL(s).

Re: Import of Office365 URLs and IPs into FMC/FTD2130 ACL(s)

MarcHop — Wed, 24 Oct 2018 20:56:31 GMT

I opened a case with TAC on this, and with my VAR. (This very list, actually.) There was no way they could find to script this and have it become a feed into the ACL.

Re: Import of Office365 URLs and IPs into FMC/FTD2130 ACL(s)

bart.raat — Thu, 25 Oct 2018 08:38:57 GMT

You can use this: https://github.com/chrivand/Firepower_O365_Feed_Parser

This will fill object groups with the Office 365 URL's and IP's.

Re: Import of Office365 URLs and IPs into FMC/FTD2130 ACL(s)

brian.emil.harris — Thu, 25 Oct 2018 14:33:13 GMT

Good timing! I was just forwarded this same link earlier in the week, and just yesterday implemented it. I had planned to post the URL, but you beat me to it! 🙂

A caveat for anyone seeking to use this script: Check the pull requests, as the original script imports the URLs with asterisks/wildcards, which don't work in the FMC. The pull update cleans up some of the parsing, and strips the asterisks quite nicely.

The package contains two scripts - one authenticates to the FMC's REST API, the second does the download, parsing and update of the URL and IP objects you create as part of the package. I'm setting up a scheduled task on a management system I have to run this at least once a week.

The pull update also adds in a requirements file so you can update your Python installation to the specific package/module versions required for the script to work.

Re: Import of Office365 URLs and IPs into FMC/FTD2130 ACL(s)

MarcHop — Thu, 25 Oct 2018 15:30:37 GMT

I am LOVING the fact that the community just proved me wrong! THANK YOU!

Re: Import of Office365 URLs and IPs into FMC/FTD2130 ACL(s)

ckleopa — Wed, 11 Dec 2024 13:31:56 GMT

Just curious,

Is there a reason you chose to use an external script vs what we currently have now with all our Office 365 applications or even the "Dynamic Attributes Connector" with the Dynamic Objects that processes and updates all those IP's dynamically?

Re: Import of Office365 URLs and IPs into FMC/FTD2130 ACL(s)

brian.emil.harris — Thu, 12 Dec 2024 17:04:15 GMT

When did this become available? I set up this script something like 6 years ago. The firewall(s) that use it are getting decom'd soon, but I'd be interested in learning about what you're talking about.

Re: Import of Office365 URLs and IPs into FMC/FTD2130 ACL(s)

ckleopa — Thu, 12 Dec 2024 17:28:28 GMT

See our details on the Dynamic Attributes Connector here.

There is also a table with all the connectors and respective versions for them.

https://secure.cisco.com/secure-firewall/docs/cisco-secure-dynamic-attribute-connector

For the Applications based Office 365 controls they have been there for years. It's one of our tags that lists all applications under O365 we support.

Re: Import of Office365 URLs and IPs into FMC/FTD2130 ACL(s)

c-kn — Mon, 30 Dec 2024 21:07:45 GMT

Probably because Dynamic objects didn't exist when this post was created. Also dynamic objects and applications can't be used in an ACL so neither solves the original problem today.

I've been using https://github.com/chrivand/Firepower_O365_Feed_Parser about as long as this post for Access Policies and RA VPN split tunneling. Dynamic Objects are great for Access Policies. I found this post again today because I was looking to see if there is a solution for the split tunneling ACL. Looks like the answer is still no.