About the connector
Cisco Adaptive Security Appliance (ASA) Software is the core operating system that powers the Cisco ASA family. It delivers enterprise-class firewall capabilities for ASA devices in an array of form factors - standalone appliances, blades, and virtual. ASA Software also integrates with other critical security technologies to deliver comprehensive solutions that meet continuously evolving security needs.
This document provides information about the Cisco ASA connector, which facilitates automated interactions, with a Cisco ASA server using FortiSOAR™ playbooks. Add the Cisco ASA connector as a step in FortiSOAR™ playbooks and perform automated operations, such as listing the current VPN sessions and blocking or unblocking IP addresses.
Version information
Connector Version: 1.0.0
Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later
Compatibility with Cisco ASA Versions: 2.1.0 and later
Installing the connector
For the procedure to install a connector, click here.
Prerequisites to configuring the connector
- You must have the username and password of the Windows server you want to connect to and perform automated operations.
- To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
Configuring the connector
For the procedure to configure a connector, click here.
Configuration parameters
In FortiSOAR™, on the Connectors page, select the Cisco ASA connector and click Configure to configure the following parameters:
| Parameter |
Description |
| Server URL |
FQDN of IP of the Cisco ASA server to which you will connect and perform the automated operations. |
| Username |
Username used to connect to the Cisco ASA server to which you will connect and perform automated operations. |
| Password |
Password used to connect to the Cisco ASA server to which you will connect and perform automated operations. |
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not.
Defaults to True. |
Actions supported by the connector
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
| Function |
Description |
Annotation and Category |
| Get Version |
Retrieves the software version of the Cisco ASA server you have specified. |
get_version
Investigation |
| Block IP |
Blocks the IP address you have specified. |
block_ip
Containment |
| Unblock IP |
Unblocks the IP address you have specified. |
unblock_ip
Remediation |
| List Sessions |
Lists the current VPN sessions running on the Cisco ASA server you have specified. |
list_sessions
Investigation |
| Terminate Sessions |
Terminates all VPN sessions of the user you have specified. |
terminate_sessions
Remediation |
operation: Get Version
Input parameters
None
Output
The JSON output contains the software version of the Cisco ASA server you have specified.
Following image displays a sample output:
operation: Block IP
Input parameters
| Parameter |
Description |
| Destination IP Address |
Destination IP address that you want to block.
If for a specific destination IP address you want to block all source IP addresses then specify any in this field. |
| Source IP Address |
Source IP address that you want to block.
If for a specific source IP address you want to block all destination IP addresses then specify any in this field.
Note: You cannot enter any for both source and destination IP addresses. |
| Rule Direction |
The direction in which the access list rules work, i.e whether you want to block communication from source to destination (Out) or from destination to source (In). |
| Access List Name |
Name of the access list that controls access to your network by preventing certain traffic from entering or exiting from your network. |
| Interface Name To Apply The Rule On |
Name of the interface on which you want to apply the rule. |
Output
The JSON output contains a Success message if the IP is blocked successfully or an Error message containing the reason for failure.
Following image displays a sample output:
operation: Unblock IP
Input parameters
| Parameter |
Description |
| Destination IP Address |
Destination IP address that you want to unblock.
If for a specific destination IP address you want to unblock all source IP addresses then specify any in this field. |
| Source IP Address |
Source IP address that you want to unblock.
If for a specific source IP address you want to unblock all destination IP addresses then specify any in this field.
Note: You cannot enter any for both source and destination IP addresses. |
| Rule Direction |
The direction in which the access list rules work, i.e whether you want to unblock communication from source to destination (Out) or from destination to source (In). |
| Access List Name |
Name of the access list that controls access to your network by preventing certain traffic from entering or exiting from your network. |
| Interface Name To Apply The Rule On |
Name of the interface on which you want to apply the rule. |
Output
The JSON output contains a Success message if the IP is unblocked successfully or an Error message containing the reason for failure.
Following image displays a sample output:
operation: List Sessions
Input parameters
None
Output
The JSON output contains a list of the current VPN sessions running on the Cisco ASA server you have specified.
Following image displays a sample output:
operation: Terminate Sessions
Input parameters
| Parameter |
Description |
| Username |
Name of the user whose session you want to terminate. |
Output
The JSON output contains a Success message if the sessions of the specified user are successfully terminated or an Error message containing the reason for failure.
Following image displays a sample output:
Included playbooks
The Sample-CiscoASA-1.0.0 playbook collection comes bundled with the Cisco ASA connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Cisco ASA connector.
- Block IP
- Get Version
- List Sessions
- Terminate Sessions
- Unblock IP
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
