shockocisco
Beginner

ASA 9.2 Automation Capability and Office 365 Endpoints

We are running a cluster of Cisco ASA 5545-X 9.9(2) at our edge for web traffic. We have a requirement to run Exchange Online classic hybrid through it. That architecture requires ingress TCP ports 443/25 from a dynamic list of Office 365 endpoints. Other proxy/firewall kit we have has the capability to subscribe to the Office 365 managed endpoints feed and auto-update rules. ASA does not appear to have this capability.

 

Is there any other automation capability in ASA we could leverage for this? I see mention of a REST API based on a Java app running on the ASA itself, but I have no experience of it in relation to stability, security etc. If it was stable and had a reasonably granular security model around it, potentially I could look to use it to upload the updated rule set each month as needed.

balaji.bandi
VIP Master

I have seen that working with FMC and API; ASA not tried, since we moved to FTD.

You can use the REST API; here is a reference:

 

https://halis.eu/2018/07/22/script-to-import-office-365-ip-list-to-cisco-asa-improved-via-rest-api/

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help

So basically this script is creating an entire ACL set and uploading via the ASA REST API i.e. replacing the existing rule set in its entirety?

balaji.bandi
VIP Master

That is the example; you can do it based on your ACL modification. Look at the REST API and its limitations, if any.

BB

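
One way to avoid replacing the whole rule set, as an added example (not from the thread or the linked script): compute the delta between the current ASA object-group and the Office 365 endpoints feed, and emit only the changes as ASA CLI lines. The group name `O365-EXCHANGE`, the constructed feed sample and the 50% removal guard are assumptions, and delivering the lines to the ASA (CLI or REST API) is left out.

```python
import ipaddress
import json

# Constructed sample in the shape of the Office 365 endpoints web service JSON
# (addresses are documentation ranges, not real Microsoft prefixes).
SAMPLE_FEED = json.loads("""[
 {"id": 1, "serviceArea": "Exchange", "ips": ["192.0.2.0/24", "2001:db8:1::/48"], "tcpPorts": "80,443"},
 {"id": 2, "serviceArea": "Exchange", "ips": ["198.51.100.0/25"], "tcpPorts": "25"},
 {"id": 3, "serviceArea": "Skype", "ips": ["203.0.113.0/24"], "tcpPorts": "443"},
 {"id": 4, "serviceArea": "Exchange", "urls": ["outlook.office.com"], "tcpPorts": "443"}
]""")

def wanted_networks(feed, service_area="Exchange", ports=frozenset({"25", "443"})):
    """Return the set of ip_network objects for one service area and port set."""
    nets = set()
    for entry in feed:
        entry_ports = {p.strip() for p in entry.get("tcpPorts", "").split(",")}
        if entry.get("serviceArea") != service_area or not entry_ports & ports:
            continue
        for cidr in entry.get("ips", []):  # URL-only entries have no "ips" key
            nets.add(ipaddress.ip_network(cidr, strict=True))  # raises on malformed input
    return nets

def member(net):
    """Render one network as an ASA network-object argument."""
    if net.version == 6:
        return f"{net.network_address}/{net.prefixlen}"
    return f"{net.network_address} {net.netmask}"

def delta_commands(group, current, feed, max_removal_ratio=0.5):
    """Build add/remove CLI lines for `group`; refuse suspiciously large removals."""
    target = wanted_networks(feed)
    add, remove = sorted(target - current, key=str), sorted(current - target, key=str)
    if not target or (current and len(remove) / len(current) > max_removal_ratio):
        raise ValueError("feed would remove too much of the group; review manually")
    if not add and not remove:
        return []
    lines = [f"object-group network {group}"]
    lines += [f" network-object {member(n)}" for n in add]
    lines += [f" no network-object {member(n)}" for n in remove]
    return lines

if __name__ == "__main__":
    # Constructed current state: two prefixes still in the feed, one stale prefix.
    current = {ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("203.0.113.128/25"),
               ipaddress.ip_network("198.51.100.0/25")}
    print("\n".join(delta_commands("O365-EXCHANGE", current, SAMPLE_FEED)))
```

An ACL that references the object-group picks up the changes without being rewritten, and the removal guard stops an empty or truncated feed from silently stripping the allowed sources.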