
Is there a way to use VCS API to change "Firewall rules"?

Good day Dear colleagues,

I'm trying to set up a highly automated VCS environment where one component will analyze VCS logs and another component will find matches in the VCS logs and then, based on the matches, add & enable new firewall rules in the built-in VCS firewall. The purpose of this kind of automation is to automatically detect & stop pesky SIP spam and toll fraud calls. I have very good stop & deny call policy rules in place, but I don't want these calls to even get to my VCS, or if they do get there I don't want my VCS to process them at all. I have had these rules set up & working for more than two years now and they've proved to be very efficient, but the next and natural step, I think, is to stop these calls at the networking layer. Let's say VCS sees suspicious calls coming from some IP address, and my script will automatically add a corresponding firewall rule to block this IP address for some predefined period of time.

There are three assumptions which I know I have to take into consideration:

1. Bad boys can spoof an IP address and cause me to block some valid IP but at this moment I can live with this assumption,

2. I want to use the built-in VCS firewall; I don't want to touch my corporate firewall,

3. I'll have to "review & clean" my VCS firewall rules from time to time.

P.S. Of course, if Cisco R&D implements some better control over the VCS built-in firewall functionality, then this discussion can or will take another route, but right now I'm looking for some API commands that will allow me to manipulate VCS firewall rules from the CLI or any other scripting environment.

Thanks a lot!
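The log-to-block-list loop described in the post above, as an added example that is not part of the original thread and is not Cisco code. The log line format, thresholds and function names are assumptions, and the output is a plain map of addresses to expiry times rather than any VCS API call; the allowlist addresses the spoofing concern and `expire` the periodic clean-up.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption, not real VCS output):
#   <ISO timestamp> src=<ip> action=<Reject|Allow>
LINE_RE = re.compile(r"^(\S+) src=(\S+) action=(\w+)$")

def plan_blocks(lines, allowlist, threshold=3, window=timedelta(minutes=5),
                block_for=timedelta(hours=1)):
    """Return {ip: expiry} for sources with >= threshold rejects inside window."""
    trusted = [ipaddress.ip_network(n) for n in allowlist]
    rejects = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(3) != "Reject":
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
            when = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue  # malformed field: never turn raw log text into a rule
        if any(ip in net for net in trusted):
            continue  # spoofing guard: trusted peers are never auto-blocked
        rejects[ip].append(when)
    blocks = {}
    for ip, times in rejects.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                blocks[str(ip)] = times[i + threshold - 1] + block_for
                break
    return blocks

def expire(blocks, now):
    """Drop rules whose block period has ended (the periodic clean-up)."""
    return {ip: exp for ip, exp in blocks.items() if exp > now}

SAMPLE = [  # constructed sample lines using documentation address ranges
    "2013-05-01T10:00:00 src=203.0.113.7 action=Reject",
    "2013-05-01T10:00:30 src=203.0.113.7 action=Reject",
    "2013-05-01T10:01:00 src=198.51.100.9 action=Reject",
    "2013-05-01T10:02:00 src=203.0.113.7 action=Reject",
    "2013-05-01T10:02:10 src=192.0.2.10 action=Reject",
    "2013-05-01T10:02:20 src=192.0.2.10 action=Reject",
    "2013-05-01T10:02:30 src=192.0.2.10 action=Reject",
    "2013-05-01T10:03:00 src=not-an-ip action=Reject",
]
```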


Alok Jaiswal
Cisco Employee

Hey,

Victor, I would suggest you wait for the x8 release to come. You might see some new features in that.

At this point I don't want to put anything here.

Rgds

Alok

Thank you Alok! Nice to speak with you again, you rule as always :-)

I had a discussion with a Cisco SE not so long ago, and my very preliminary impression of the relevant features was that v. 8.x will not address many of my concerns. Anyway, thank you for this prompt reply and let's see what security measures will be implemented in the 8.x SW.

I personally think that if there is a chance that Cisco tries to listen to their customers who write on this forum (hey, I do not challenge Cisco's ability to listen to their customers :-), I can compile a very comprehensive document or list that will contain my suggestions to address these security issues. You know that I'm supporting a very big number of customers, and security issues including SIP spam and toll fraud calls are at the top of their minds.

Have a good day!
