I am new to working on Cisco Firepower and was looking for guidance on the following:
I need to create an access rule to allow access to the Office 365 services.
I have all of the domain names required to add to the rule e.g. *.office.com, *.sharepointonline.com but i am unable to find how to create an object that can encompass this.
I can create a network object using an IP address.
When i create a network object (Object > Object Management > Network), am i supposed to use the 'FQDN' option and then enter the value '*.office.com'?
Do i also need to create a single object for each domain and then create a group and add them to it?
I hope that this makes sense.
Your help is appreciated.
Check out this Cisco Live session (BRKSEC-2033), it's a dedicated session using Office 365 and Firepower. It also provides some python scripts.
You have to do couple of things to achieve what you want to achieve.
1) Obtain Office Subnets (Ip address range / subnet mask) from O365 team
2) Create Network Objects for each Subnet
3) Add all of them to a "Office_Networks" object.
4) Create a Global Trusted Policy (check Screenshot) and add Office Network Object
5) Add Office O365 as Trusted Application in 'Trusted Application' rule. (Check Screenshot).