Fortinet Document Library


About the connector

Cisco Adaptive Security Appliance (ASA) Software is the core operating system that powers the Cisco ASA family. It delivers enterprise-class firewall capabilities for ASA devices in an array of form factors - standalone appliances, blades, and virtual. ASA Software also integrates with other critical security technologies to deliver comprehensive solutions that meet continuously evolving security needs.

This document provides information about the Cisco ASA connector, which facilitates automated interactions with a Cisco ASA server using FortiSOAR™ playbooks. Add the Cisco ASA connector as a step in FortiSOAR™ playbooks and perform automated operations, such as listing the current VPN sessions and blocking or unblocking IP addresses.

 

Version information

Connector Version: 1.0.0

Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later

Compatibility with Cisco ASA Versions: 2.1.0 and later

 

Installing the connector

For the procedure to install a connector, click here.

 

Prerequisites to configuring the connector

  • You must have the username and password of the Windows server you want to connect to and perform automated operations.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

 

Configuration parameters

In FortiSOAR™, on the Connectors page, select the Cisco ASA connector and click Configure to configure the following parameters:

 

| Parameter | Description |
|---|---|
| Server URL | FQDN or IP address of the Cisco ASA server to which you will connect and perform the automated operations. |
| Username | Username used to connect to the Cisco ASA server to which you will connect and perform automated operations. |
| Password | Password used to connect to the Cisco ASA server to which you will connect and perform automated operations. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. Defaults to True. |

 

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

| Function | Description | Annotation and Category |
|---|---|---|
| Get Version | Retrieves the software version of the Cisco ASA server you have specified. | get_version; Investigation |
| Block IP | Blocks the IP address you have specified. | block_ip; Containment |
| Unblock IP | Unblocks the IP address you have specified. | unblock_ip; Remediation |
| List Sessions | Lists the current VPN sessions running on the Cisco ASA server you have specified. | list_sessions; Investigation |
| Terminate Sessions | Terminates all VPN sessions of the user you have specified. | terminate_sessions; Remediation |

 

operation: Get Version

Input parameters

None

Output

The JSON output contains the software version of the Cisco ASA server you have specified.

Following image displays a sample output:

 

Sample output of the Get Version operation

 

operation: Block IP

Input parameters

 

| Parameter | Description |
|---|---|
| Destination IP Address | Destination IP address that you want to block. To block all source IP addresses for a specific destination IP address, specify any in this field. |
| Source IP Address | Source IP address that you want to block. To block all destination IP addresses for a specific source IP address, specify any in this field. Note: You cannot enter any for both source and destination IP addresses. |
| Rule Direction | The direction in which the access list rules work, that is, whether you want to block communication from source to destination (Out) or from destination to source (In). |
| Access List Name | Name of the access list that controls access to your network by preventing certain traffic from entering or exiting from your network. |
| Interface Name To Apply The Rule On | Name of the interface on which you want to apply the rule. |

 

Output

The JSON output contains a Success message if the IP is blocked successfully or an Error message containing the reason for failure.

Following image displays a sample output:

 

Sample output of the Block IP operation

 

operation: Unblock IP

Input parameters

 

| Parameter | Description |
|---|---|
| Destination IP Address | Destination IP address that you want to unblock. To unblock all source IP addresses for a specific destination IP address, specify any in this field. |
| Source IP Address | Source IP address that you want to unblock. To unblock all destination IP addresses for a specific source IP address, specify any in this field. Note: You cannot enter any for both source and destination IP addresses. |
| Rule Direction | The direction in which the access list rules work, that is, whether you want to unblock communication from source to destination (Out) or from destination to source (In). |
| Access List Name | Name of the access list that controls access to your network by preventing certain traffic from entering or exiting from your network. |
| Interface Name To Apply The Rule On | Name of the interface on which you want to apply the rule. |
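
A pre-flight check for the Block IP and Unblock IP inputs described above, as an added example (not FortiSOAR or connector code). The function and field names and the protected_networks guard are assumptions made for illustration.

```python
import ipaddress


def _addr(value, field):
    """Return 'any' or a canonical IP string; raise ValueError otherwise."""
    text = str(value).strip()
    if text.lower() == "any":
        return "any"
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        raise ValueError(f"{field}: {text!r} is not an IP address or 'any'") from None


def validate_rule_request(action, source_ip, destination_ip, direction,
                          access_list, interface, protected_networks=()):
    """Validate Block IP / Unblock IP inputs before the playbook step runs.

    All names here are hypothetical; protected_networks is an assumed list of
    CIDR ranges that automation must never block.
    """
    if action not in ("block", "unblock"):
        raise ValueError("action must be 'block' or 'unblock'")
    src = _addr(source_ip, "Source IP Address")
    dst = _addr(destination_ip, "Destination IP Address")
    # Rule from the parameter table: 'any' is allowed on one side only.
    if src == "any" and dst == "any":
        raise ValueError("source and destination cannot both be 'any'")
    rule_direction = str(direction).strip().capitalize()
    if rule_direction not in ("In", "Out"):
        raise ValueError("Rule Direction must be In or Out")
    names = {"Access List Name": str(access_list).strip(),
             "Interface Name": str(interface).strip()}
    for field, name in names.items():
        # Reject empty or multi-word names so nothing extra rides along.
        if not name or len(name.split()) != 1:
            raise ValueError(f"{field} must be a single non-empty word")
    if action == "block":
        # Guard applies to blocking only; unblocking a protected host is safe.
        for net in (ipaddress.ip_network(n) for n in protected_networks):
            for side, addr in (("source", src), ("destination", dst)):
                if addr != "any" and ipaddress.ip_address(addr) in net:
                    raise ValueError(f"{side} {addr} is in protected {net}")
    return {"action": action, "source_ip": src, "destination_ip": dst,
            "direction": rule_direction, "access_list": names["Access List Name"],
            "interface": names["Interface Name"]}
```

Running this in a playbook step ahead of Block IP stops a malformed or over-broad request before it becomes a firewall rule.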

 

Output

The JSON output contains a Success message if the IP is unblocked successfully or an Error message containing the reason for failure.

Following image displays a sample output:

 

Sample output of the Unblock IP operation

 

operation: List Sessions

Input parameters

None

Output

The JSON output contains a list of the current VPN sessions running on the Cisco ASA server you have specified.

Following image displays a sample output:

 

Sample output of the Get Version operation

 

operation: Terminate Sessions

Input parameters

 

| Parameter | Description |
|---|---|
| Username | Name of the user whose session you want to terminate. |

 

Output

The JSON output contains a Success message if the sessions of the specified user are successfully terminated or an Error message containing the reason for failure.

Following image displays a sample output:

 

Sample output of the Terminate Sessions operation

 

Included playbooks

The Sample-CiscoASA-1.0.0 playbook collection comes bundled with the Cisco ASA connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Cisco ASA connector.

  • Block IP
  • Get Version
  • List Sessions
  • Terminate Sessions
  • Unblock IP

Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.

 
