
Cisco 2110 FDM and Office 365

latintrpt
Level 1

I need to create an ACL (or multiple ACLs) on my FTD2110 using FDM, not FCM, to allow hosts to the huge list of IPs and URLs required for Office365 (located here: https://support.content.office.net/en-us/static/O365IPAddresses.xml).

I came upon this website but it only indicates FCM: https://github.com/chrivand/Firepower_O365_Feed_Parser

How can I do this automatically/script automatically using FDM? I would really prefer not manually entering each IP/range or URL into the ACL(s).


Marvin Rhoads
Hall of Fame

One could theoretically fork the GitHub project and adapt it for an API push directly to the 2110 as opposed to going via a managing FMC.

The native FTD-API does support posting network objects:

https://developer.cisco.com/site/ftd-api-reference/

When we use FDM (or Cisco Defense Orchestrator - CDO) to modify an FTD device that's how it sends the configuration.

https://docs.defenseorchestrator.com/Configuration_Guides/Objects/Network_Objects/Create_or_Edit_a_Firepower_Network_Object_or_Network_Group

(Right now CDO doesn't ingest the O365 feed - I've suggested to the Cisco TMEs that they provide feedback to the business unit that it would be a useful feature.)

Hi Marvin -

Thank you for the information. So as I'm seeing this right now, this would need to be done manually on the FDM?

Thanks

You could do it either:

a. manually via FDM,

b. using the device API directly to the device using your own script (modification of the GitHub project),

c. via FMC (if you change management mode and stand up an FMC) or

d. via CDO (also requires manual input and acquisition of CDO management license).
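
As an added example (not part of the thread or of the GitHub project), the parsing half of option b could look like this: it reads a feed in the O365IPAddresses.xml layout, rejects malformed or overly broad entries before they can widen an allow rule, and builds one network-object body per address. The payload field names are an assumption to check against the FTD API reference linked above for your software version; the `O365` name prefix, `MIN_PREFIX` limits and sample feed are constructed for illustration, and the authenticated push to the device is left out.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the layout of O365IPAddresses.xml (not real feed data).
SAMPLE_FEED = """<products updated="1/1/2018"><product name="o365">
  <addresslist type="IPv4">
    <address>192.0.2.0/24</address>
    <address>198.51.100.7/32</address>
    <address>192.0.2.0/24</address>
    <address>0.0.0.0/0</address>
    <address>not-an-ip</address>
  </addresslist>
  <addresslist type="IPv6"><address>2001:db8:40::/48</address></addresslist>
  <addresslist type="URL"><address>*.example.com</address></addresslist>
</product></products>"""

# Assumption: shortest prefix we accept from the feed, per IP version.
MIN_PREFIX = {4: 8, 6: 16}


def build_network_objects(feed_xml, prefix="O365"):
    """Return (payloads, rejected) for the IPv4/IPv6 entries of the feed."""
    payloads, rejected, seen = [], [], set()
    for alist in ET.fromstring(feed_xml).iter("addresslist"):
        if alist.get("type") not in ("IPv4", "IPv6"):
            continue  # URL entries need URL objects, not network objects
        for node in alist.iter("address"):
            raw = (node.text or "").strip()
            try:
                net = ipaddress.ip_network(raw, strict=True)
            except ValueError:
                rejected.append(raw)  # malformed, or host bits set
                continue
            if net.prefixlen < MIN_PREFIX[net.version]:
                rejected.append(raw)  # would turn the rule into allow-any
                continue
            if net in seen:
                continue  # the feed may repeat a range
            seen.add(net)
            host = net.prefixlen == net.max_prefixlen
            safe = str(net).replace("/", "_").replace(":", "-")
            payloads.append({
                "name": f"{prefix}_{safe}",  # hypothetical naming scheme
                "subType": "HOST" if host else "NETWORK",
                "value": str(net.network_address) if host else str(net),
                "type": "networkobject",
            })
    return payloads, rejected
```

Review the `rejected` list on every run rather than discarding it, since a changed or tampered feed shows up there first.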
