Beginner

Cisco 2110 FDM and Office 365

I need to create an ACL (or multiple ACLs) on my FTD2110 using FDM, not FCM, to allow hosts to the huge list of IPs and URLs required for Office365 (located here: https://support.content.office.net/en-us/static/O365IPAddresses.xml).

 

I came upon this website but it only indicates FCM: https://github.com/chrivand/Firepower_O365_Feed_Parser

 

How can I do this automatically/script automatically using FDM? I would really prefer not manually entering each IP/range or URL into the ACL(s).

3 REPLIES
Hall of Fame Guru

Re: Cisco 2110 FDM and Office 365

One could theoretically fork the GitHub project and adapt it for an API push directly to the 2110 as opposed to going via a managing FMC.

The native FTD-API does support posting network objects:

https://developer.cisco.com/site/ftd-api-reference/

When we use FDM (or Cisco Defense Orchestrator - CDO) to modify an FTD device that's how it sends the configuration.

https://docs.defenseorchestrator.com/Configuration_Guides/Objects/Network_Objects/Create_or_Edit_a_Firepower_Network_Object_or_Network_Group

(Right now CDO doesn't ingest the O365 feed - I've suggested to the Cisco TMEs that they provide feedback to the business unit that it would be a useful feature.)

Beginner

Re: Cisco 2110 FDM and Office 365

Hi Marvin -

 

Thank you for the information. So as I'm seeing this right now, this would need to be done manually on the FDM?

 

Thanks

Hall of Fame Guru

Re: Cisco 2110 FDM and Office 365

You could do it either:

a. manually via FDM,

b. using the device API directly to the device using your own script (modification of the GitHub project),

c. via FMC (if you change management mode and stand up an FMC) or

d. via CDO (also requires manual input and acquisition of CDO management license).
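
Added example, not part of the thread or of the GitHub project: the feed-parsing half of option (b), turning IPv4/IPv6 entries from a feed in the O365IPAddresses.xml layout into network-object request bodies, with duplicates dropped and malformed prefixes rejected rather than silently widened. Assumptions: the `products/product/addresslist/address` layout of the feed, the payload fields (`name`, `subType`, `value`, `type`), which should be checked against the FTD API reference linked above, and the hypothetical `O365_` naming scheme; the sample feed is constructed from documentation address ranges.

```python
import ipaddress
import json
import xml.etree.ElementTree as ET

# Constructed sample in the assumed feed layout (documentation ranges, not real feed data).
SAMPLE_FEED = """<products updated="1/1/2018">
  <product name="o365">
    <addresslist type="IPv4">
      <address>192.0.2.0/24</address>
      <address>198.51.100.7/32</address>
      <address>192.0.2.0/24</address>
    </addresslist>
    <addresslist type="IPv6">
      <address>2001:db8::/32</address>
    </addresslist>
    <addresslist type="URL">
      <address>*.example.com</address>
    </addresslist>
  </product>
</products>"""


def build_network_objects(feed_xml, prefix="O365"):
    """Return one network-object payload per unique IPv4/IPv6 entry in the feed."""
    root = ET.fromstring(feed_xml)
    seen, payloads = set(), []
    for alist in root.iter("addresslist"):
        if alist.get("type") not in ("IPv4", "IPv6"):
            continue  # URL entries are not network objects; they need separate handling
        for addr in alist.iter("address"):
            # strict=True raises ValueError on host bits set, so a typo cannot widen a rule
            net = ipaddress.ip_network((addr.text or "").strip(), strict=True)
            if net in seen:
                continue  # the feed can repeat a prefix; create each object once
            seen.add(net)
            is_host = net.prefixlen == net.max_prefixlen
            value = str(net.network_address) if is_host else str(net)
            payloads.append({
                # Hypothetical naming scheme: "/" and ":" replaced to keep names conservative
                "name": f"{prefix}_{value}".replace("/", "_").replace(":", "-"),
                "subType": "HOST" if is_host else "NETWORK",
                "value": value,
                "type": "networkobject",
            })
    return payloads


if __name__ == "__main__":
    # Each printed line is the JSON body for one network-object POST to the device API.
    for obj in build_network_objects(SAMPLE_FEED):
        print(json.dumps(obj))
```

The objects still have to be posted with an authenticated session and then grouped and referenced from an access rule; keep the feed fetch on HTTPS with certificate validation, since whatever the feed contains ends up permitted by the ACL.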