09-21-2020 11:19 AM
We are running a cluster of Cisco ASA 5545-X 9.9(2) at our edge for web traffic. We have a requirement to run Exchange Online classic hybrid through it. That architecture requires ingress TCP ports 443/25 from a dynamic list of Office 365 endpoints. Other proxy/firewall kit we have has the capability to subscribe to the Office 365 managed endpoints feed and auto-update rules. ASA does not appear to have this capability.
Is there any other automation capability in ASA we could leverage for this? I see mention of a REST API based on a Java app running on the ASA itself, but I have no experience of it in relation to stability, security etc. If it was stable and had a reasonably granular security model around it, potentially I could look to use it to upload the updated rule set each month as needed.
09-21-2020 12:15 PM - edited 09-21-2020 12:15 PM
I have seen that working with FMC and the API; ASA not tried, since we moved to FTD.
You can use the REST API; here is a reference:
https://halis.eu/2018/07/22/script-to-import-office-365-ip-list-to-cisco-asa-improved-via-rest-api/
09-24-2020 01:29 AM
So basically this script is creating an entire ACL set and uploading via the ASA REST API i.e. replacing the existing rule set in its entirety?
09-24-2020 02:53 AM
That is the example; you can do it based on your ACL modification. Look at the REST API and its limitations, if any.
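On the question above of replacing the whole rule set each month, the following added example (not from the thread or the linked script) computes only the delta for a network object-group that a fixed ACL can reference, and refuses feeds that are empty, overly broad, or remove too much. The group name `O365-EXCHANGE`, the thresholds and the sample feed are assumptions; it emits ASA CLI lines rather than REST calls.

```python
import ipaddress

# Constructed sample shaped like the Office 365 endpoints web service JSON
# (serviceArea / ips / urls fields); addresses are documentation ranges.
SAMPLE_FEED = [
    {"id": 1, "serviceArea": "Exchange", "ips": ["192.0.2.0/24", "2001:db8:10::/48"]},
    {"id": 2, "serviceArea": "Exchange", "ips": ["198.51.100.0/25"]},
    {"id": 3, "serviceArea": "Skype", "ips": ["203.0.113.0/24"]},
    {"id": 4, "serviceArea": "Exchange", "urls": ["mail.example.com"]},  # URL-only entry
]
MIN_PREFIX = {4: 8, 6: 16}  # assumed sanity floor: reject anything broader


def wanted_networks(feed, area="Exchange"):
    """Validated set of networks the feed lists for one service area."""
    nets = set()
    for entry in feed:
        if entry.get("serviceArea") != area:
            continue
        for cidr in entry.get("ips", []):
            net = ipaddress.ip_network(cidr, strict=True)  # raises on malformed input
            if net.prefixlen < MIN_PREFIX[net.version]:
                raise ValueError(f"{net} is too broad for an ingress permit")
            nets.add(net)
    return nets


def asa_member(net):
    """Render one network as an ASA object-group member line."""
    if net.prefixlen == net.max_prefixlen:
        return f"network-object host {net.network_address}"
    if net.version == 4:
        return f"network-object {net.network_address} {net.netmask}"
    return f"network-object {net.compressed}"  # IPv6 members use prefix notation


def delta_config(group, current, feed, max_removals=5):
    """CLI lines that move `group` from `current` to the feed's content."""
    target = wanted_networks(feed)
    if not target:
        raise ValueError("feed yielded no networks; refusing to empty the group")
    add = sorted(target - current, key=str)
    remove = sorted(current - target, key=str)
    if len(remove) > max_removals:
        raise ValueError(f"{len(remove)} removals exceeds limit; review by hand")
    if not (add or remove):
        return []
    return ([f"object-group network {group}"]
            + [f" {asa_member(n)}" for n in add]
            + [f" no {asa_member(n)}" for n in remove])
```

`current` is the set of networks already in the group, parsed from the running configuration by whatever means the operator trusts; the returned lines can be reviewed before being pushed.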