07-10-2019 06:32 AM - edited 02-21-2020 09:17 AM
I need to create an ACL (or multiple ACLs) on my FTD2110 using FDM, not FMC, to allow hosts access to the huge list of IPs and URLs required for Office365 (located here: https://support.content.office.net/en-us/static/O365IPAddresses.xml ).
I came upon this website, but it only covers FMC: https://github.com/chrivand/Firepower_O365_Feed_Parser
How can I do this automatically (i.e. script it) using FDM? I would really prefer not to manually enter each IP/range or URL into the ACL(s).
07-10-2019 08:27 AM
One could theoretically fork the github project and adapt it for an API push directly to the 2110 as opposed to going via a managing FMC.
The native FTD-API does support posting network objects:
https://developer.cisco.com/site/ftd-api-reference/
When we use FDM (or Cisco Defense Orchestrator - CDO) to modify an FTD device, that's how it sends the configuration.
(Right now CDO doesn't ingest the O365 feed - I've suggested to the Cisco TMEs that they provide feedback to the business unit that it would be a useful feature.)
07-10-2019 09:44 AM
Hi Marvin -
Thank you for the information. So, as I'm seeing this right now, this would need to be done manually on the FDM?
Thanks.
07-10-2019 10:43 PM
You could do it either:
a. manually via FDM,
b. using the device API directly to the device using your own script (modification of the github project),
c. via FMC (if you change management mode and stand up an FMC) or
d. via CDO (also requires manual input and acquisition of CDO management license).
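An added example (not from this thread or the linked GitHub project) of the first half of option b: parsing the O365 XML feed into candidate network-object bodies before anything is pushed to the device. The feed layout (product/addresslist/address) follows the XML file linked in the question; the object field names (type, subType, value) are assumed from the FTD API NetworkObject model and should be checked against the API reference linked above before posting; the sample feed below is constructed. Entries that are not a valid IP/prefix are rejected rather than silently turned into rules, and URL entries are kept separate because they need URL objects, not network objects.

```python
import ipaddress
import xml.etree.ElementTree as ET
# Constructed sample shaped like the O365IPAddresses.xml feed (not the real file).
SAMPLE_FEED = """<products updated="7/1/2019">
  <product name="o365">
    <addresslist type="IPv4">
      <address>13.107.6.152/31</address>
      <address>52.100.1.1/32</address>
      <address>13.107.6.152/31</address>
      <address>not-an-ip</address>
    </addresslist>
    <addresslist type="IPv6">
      <address>2603:1006::/40</address>
    </addresslist>
    <addresslist type="URL">
      <address>*.office365.com</address>
      <address>outlook.office.com</address>
    </addresslist>
  </product>
</products>"""

def parse_feed(xml_text, product="o365"):
    """Map one product's address lists to FTD-style network object bodies
    (field names assumed from the FTD API NetworkObject model); URL entries
    and malformed IP entries are returned separately, not turned into rules."""
    objects, urls, rejected, seen = [], [], [], set()
    for prod in ET.fromstring(xml_text).iter("product"):
        if prod.get("name") != product:
            continue
        for lst in prod.iter("addresslist"):
            kind = lst.get("type")
            for addr in lst.iter("address"):
                value = (addr.text or "").strip()
                if not value or value in seen:  # skip blanks and duplicates
                    continue
                seen.add(value)
                if kind == "URL":  # wildcards/FQDNs need URL objects, not network objects
                    urls.append(value)
                    continue
                try:
                    net = ipaddress.ip_network(value, strict=True)
                except ValueError:  # reject rather than push a bad/ambiguous value
                    rejected.append(value)
                    continue
                host = net.num_addresses == 1
                objects.append({"name": f"O365_{kind}_{len(objects) + 1}",
                                "type": "networkobject",
                                "subType": "HOST" if host else "NETWORK",
                                "value": str(net.network_address) if host else str(net)})
    return objects, urls, rejected
```

The returned dicts are what a script would POST one by one to the device's network-object endpoint after authenticating; the URL and rejected lists are what you review by hand before deploying.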