Solved: Import of Office365 URLs and IPs into FMC/FTD2130 ACL(s)

brian.emil.harris · ‎10-22-2018

I need to create an ACL (or multiple ACLs) on my FTD2130 to allow hosts to the huge list of IPs and URLs required for Office365 (located here: https://support.content.office.net/en-us/static/O365IPAddresses.xml )

How can I do this automatically/scriptomatically? I would really prefer not manually entering each IP/range or URL into the ACL(s).

bart.raat · ‎10-25-2018

You can use this: https://github.com/chrivand/Firepower_O365_Feed_Parser

This will fill object groups with the Office 365 URL's and IP's.

View solution in original post

MarcHop · ‎10-24-2018

I opened a case with TAC on this, and with my VAR. (This very list, actually.) There was no way they could find to script this and have it become a feed into the ACL.

MarcHop · ‎10-25-2018

I am LOVING the fact that the community just proved me wrong! THANK YOU!

bart.raat · ‎10-25-2018

You can use this: https://github.com/chrivand/Firepower_O365_Feed_Parser

This will fill object groups with the Office 365 URL's and IP's.

brian.emil.harris · ‎10-25-2018

Good timing! I was just forwarded this same link earlier in the week, and just yesterday implemented it. I had planned to post the URL, but you beat me to it! :)

A caveat for anyone seeking to use this script: Check the pull requests, as the original script imports the URLs with asterisks/wildcards, which don't work in the FMC. The pull update cleans up some of the parsing, and strips the asterisks quite nicely.

The package contains two scripts - one authenticates to the FMC's REST API, the second does the download, parsing and update of the URL and IP objects you create as part of the package. I'm setting up a scheduled task on a management system I have to run this at least once a week.

The pull update also adds in a requirements file so you can update your Python installation to the specific package/module versions required for the script to work.