cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1610
Views
0
Helpful
4
Replies

ASA user filtering with external service

Julie_grst
Level 1
Level 1

Hello,

A client of mine is asking me a tricky question. On ASA, is it possible to do some flow filtering based on user groups, with user information located in a Microsoft Graph? In other word, can ASA trigger an API call to an external service to do some user filtering in flow policy?

 

Thank you advance for your help!

1 Accepted Solution

Accepted Solutions

Hi,

Not out of the box to make ASA do this. However, you can write your own
script and make it running on a separate server (or maybe guestshell if you
have IOS-XE). This script can read data from MS Graph and parse it. Then
same data can connect to ASA API to allow rules or create objects, etc.

***** please remember to rate useful posts

View solution in original post

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

Not sure if the below URL help, we need more example what exactly you looking to filter based domain or content?

 

what ASA version?

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/filter.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hello,

I checked the URL you sent, but I didn't find anything related to my issue. Actually we want to filter traffic based on users and groups, with user information located in a Microsoft Graph.

I don't know their ASA version, for now it's only a theoretical question

 

Thank you for your answer!

Hi,

Not out of the box to make ASA do this. However, you can write your own
script and make it running on a separate server (or maybe guestshell if you
have IOS-XE). This script can read data from MS Graph and parse it. Then
same data can connect to ASA API to allow rules or create objects, etc.

***** please remember to rate useful posts

Hello Mohammed,

Thank you very much for your answer, that's exactly the kind of thing we were looking for

Review Cisco Networking for a $25 gift card