Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2116
Views
10
Helpful
3
Replies

ASA 9.2 Automation Capability and Office 365 Endpoints

Go to solution
shockocisco
Level 1
Level 1

‎09-21-2020 11:19 AM

We are running a cluster of Cisco ASA 5545-X 9.9(2) at our edge for web traffic. We have a requirement to run Exchange Online classic hybrid through it. That architecture requires ingress TCP ports 443/25 from a dynamic list of Office 365 endpoints. Other proxy/firewall kit we have has capability to subscribe to the Office 365 managed endpoints feed and auto-updated rules.  ASA does not appear to have this capability. 

 

Is there any other automation capability in ASA we could leverage for this? I see mention of a REST API based on a JAVA app running on the ASA itself but I have no experience of it in relation to stability, security etc. If it is was stable and had a reasonably granular security model around it potentially I could look to use it to upload the updated rules et each month as needed. 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-24-2020 02:53 AM

that is the example, you can do based on your ACL modification, look at the REST API and Limitation if any.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-21-2020 12:15 PM - edited ‎09-21-2020 12:15 PM

I seen that working with FMC and API, ASA not tied, since we moved to FTD.

 

You can use REST API based  here some reference :

 

https://halis.eu/2018/07/22/script-to-import-office-365-ip-list-to-cisco-asa-improved-via-rest-api/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
shockocisco
Level 1
Level 1
In response to balaji.bandi

‎09-24-2020 01:29 AM

So basically this script is creating an entire ACL set and uploading via the ASA REST API i.e. replacing the existing rule set in its entirety?

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-24-2020 02:53 AM

that is the example, you can do based on your ACL modification, look at the REST API and Limitation if any.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents