Cisco ASA v2.0.1

About the connector

The Cisco ASA connector lets you get the version of the device, block and unblock IP addresses, list and terminate sessions, etc.

This document provides information about the Cisco ASA Connector, which facilitates automated interactions with a Cisco ASA server using FortiSOAR™ playbooks. Add the Cisco ASA Connector as a step in FortiSOAR™ playbooks and perform automated operations with Cisco ASA.

Version information

Connector Version: 2.0.1

Authored By: Fortinet

Certified: Yes

Release Notes for version 2.0.1

The following enhancements have been made to the Cisco ASA Connector in version 2.0.1:

  • Added the following new operations and playbooks:
    • Run Custom Commands

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the yum command as a root user to install the connector:

yum install cyops-connector-cisco-asa

Prerequisites to configuring the connector

  • You must have the URL of Cisco ASA server to which you will connect and perform automated operations and credentials to access that server.
  • The FortiSOAR™ server should have outbound connectivity to port 443 on the Cisco ASA server.

Minimum Permissions Required

  • Not applicable

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Cisco ASA connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter | Description
Server URL | Fully Qualified Domain Name (FQDN) or IP of the Cisco ASA server to connect to and perform the automated operations.
Username | Username used to connect to the Cisco ASA server and perform automated operations.
Password | Password used to connect to the Cisco ASA server and perform automated operations.
Context Mode | Specify the context mode in which you want to run this connector configuration. You can choose from the following options:
  • Single Context: Actions are executed with admin as the context name.
  • Multi Context: Actions are executed with context names specified in the Context Name.
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set to True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations:

Function | Description | Annotation and Category
Get Version | Retrieves the software version of the Cisco ASA server specified in configuration parameters. | get_version / Investigation
Block IP | Blocks the IP address on the Cisco ASA server based on the source IP address, destination IP address, rule direction, and other input parameters you have specified. | block_ip / Containment
Unblock IP | Unblocks the IP address on the Cisco ASA server based on the source IP address, destination IP address, rule direction, and other input parameters you have specified. | unblock_ip / Remediation
List Sessions | Lists current VPN sessions running on the Cisco ASA server specified in the configuration parameters. | list_sessions / Investigation
Terminate Sessions | Terminates all VPN sessions of the specified user from the Cisco ASA server specified in the configuration parameters. | terminate_sessions / Remediation
Get Network Group | Retrieves details of network objects or groups from the Cisco ASA server specified in the configuration parameters. | get_network_group / Investigation
Update Network Group | Updates a specific network object group in the Cisco ASA server by adding or removing a specified IP address from the network group specified. | update_group / Containment
Run Custom Commands | Run custom commands on the Cisco ASA server. | run_custom_commands / Containment

operation: Get Version

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"command": "",
"output": "",
"status": ""
}

operation: Block IP

Input parameters

Parameter | Description
Destination IP Address | Specify the destination IP address that you want to block. Specify any in this field to block all source IP addresses for a specific destination IP address.
Source IP Address | Specify the source IP address that you want to block. Specify any in this field to block all destination IP addresses for a specific source IP address.
NOTE: Do not enter any for both source and destination IP addresses.
Rule Direction | Specify the direction in which you want the access list rules to work, i.e., whether you want to block communication from source to destination (Out) or from destination to source (In) or both.
Access List Name | Specify the name of the access list that controls access to your network by preventing certain traffic from entering or exiting from your network.
Interface Name to Apply the Rule on | Specify the name of the interface on which to apply the rule.

Output

The output contains the following populated JSON schema:
{
"message": ""
}

operation: Unblock IP

Input parameters

Parameter | Description
Destination IP Address | Specify the destination IP address that you want to unblock. Specify any in this field to unblock all source IP addresses for a specific destination IP address.
Source IP Address | Specify the source IP address that you want to unblock. Specify any in this field to unblock all destination IP addresses for a specific source IP address.
NOTE: Do not enter any for both source and destination IP addresses.
Rule Direction | Specify the direction in which you want the access list rules to work, i.e., whether you want to unblock communication from source to destination (Out), destination to source (In), or both (Both).
Access List Name | Specify the name of the access list that controls access to your network by preventing certain traffic from entering or exiting from your network.
Interface Name to Apply the Rule on | Specify the name of the interface on which to apply the rule.

Output

The output contains the following populated JSON schema:
{
"message": ""
}
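A pre-flight check a playbook can run on Block IP and Unblock IP inputs before calling the connector, enforcing the NOTE about any on both sides. This is an added example, not Fortinet's connector code; the function name, the PROTECTED_NETS list and its sample addresses are assumptions.

```python
import ipaddress

# Assumption: networks that automation must never block (management, DNS, ...).
# Constructed sample values; replace with your own.
PROTECTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/24", "192.0.2.53/32")]
DIRECTIONS = {"In", "Out", "Both"}  # the three Rule Direction choices on this page


def _parse(value, field):
    """Return 'any' or a parsed IP address; raise ValueError for anything else."""
    text = str(value).strip()
    if text.lower() == "any":
        return "any"
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        raise ValueError(f"{field}: {text!r} is not an IP address or 'any'") from None


def check_rule_request(source, destination, direction, block=True):
    """Validate Block IP / Unblock IP inputs and return them normalized."""
    src = _parse(source, "Source IP Address")
    dst = _parse(destination, "Destination IP Address")
    if src == "any" and dst == "any":
        # The NOTE in the parameter table: never 'any' on both sides.
        raise ValueError("source and destination cannot both be 'any'")
    if direction not in DIRECTIONS:
        raise ValueError(f"Rule Direction must be one of {sorted(DIRECTIONS)}")
    if block:
        # Refuse to block addresses inside a protected network.
        for addr in (src, dst):
            if addr == "any":
                continue
            for net in PROTECTED_NETS:
                if addr.version == net.version and addr in net:
                    raise ValueError(f"{addr} is inside protected network {net}")
    return str(src), str(dst), direction
```

Because the address must parse as a single IP, values carrying extra text (for example a stray semicolon or a hostname taken from an alert field) are rejected before they reach the firewall.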

operation: List Sessions

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"total_users": "",
"users": []
}

operation: Terminate Sessions

Input parameters

Parameter | Description
Username | Specify the name of the user whose running VPN sessions you want to terminate on Cisco ASA.

Output

The output contains a non-dictionary value.

operation: Get Network Group

Input parameters

Parameter | Description
Network Group Name | Specify the name of the network group whose details you want to retrieve from Cisco ASA.

Output

The output contains the following populated JSON schema:
{
"status": "",
"command": "",
"output": ""
}

operation: Update Network Group

Input parameters

Parameter | Description
Network Group Name | Specify the name of the Network group that you want to update in Cisco ASA by adding or removing an IP address from the specified group.
Method | Select the update action that you want to perform on the specified group. You can choose to Add or Remove an IP address from the specified network group.
IP Address | Specify the IP address that you want to update in the specified network group.

Output

The output contains the following populated JSON schema:
{
"status": "",
"command": ""
}

operation: Run Custom Commands

Input parameters

Parameter | Description
Commands | Specify the Cisco ASA custom commands, separated by semicolons (;). E.g. <command1>;<command2>;<command3>

Output

The output contains the following populated JSON schema:
{
"message": ""
}
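Because the Commands field is split on semicolons, a value copied from an alert into that field can add commands of its own. The following added example (not part of the connector) validates the field against an allowlist before a playbook passes it on; the allowlist, the command cap and the function names are assumptions.

```python
import re

# Assumption: the read-only commands this playbook may send (constructed allowlist).
ALLOWED = [
    re.compile(r"show version"),
    re.compile(r"show vpn-sessiondb( anyconnect)?"),
    re.compile(r"show access-list [A-Za-z0-9_.-]{1,64}"),
]
MAX_COMMANDS = 5  # assumption: cap on commands per playbook step


def split_commands(field):
    """Split the Commands field the way the page describes: on semicolons."""
    return [part.strip() for part in field.split(";")]


def validate_commands(field):
    """Return the list of commands if every one is allowlisted, else raise."""
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in field):
        raise ValueError("control character (e.g. newline) in Commands field")
    commands = split_commands(field)
    if len(commands) > MAX_COMMANDS:
        raise ValueError(f"more than {MAX_COMMANDS} commands in one step")
    for cmd in commands:
        if not cmd:
            raise ValueError("empty command (stray or trailing semicolon)")
        if not any(p.fullmatch(cmd) for p in ALLOWED):
            raise ValueError(f"command not on allowlist: {cmd!r}")
    return commands


def render(template, value):
    """Fill one alert-derived value into a command, then validate the result."""
    return ";".join(validate_commands(template.format(value=value)))


if __name__ == "__main__":
    # Constructed inputs: a clean ACL name, then one carrying a semicolon.
    print(render("show version;show access-list {value}", "OUTSIDE_IN"))
    try:
        render("show access-list {value}", "OUTSIDE_IN;configure terminal")
    except ValueError as err:
        print("rejected:", err)
```

Validation runs on the fully rendered string, so a semicolon smuggled in through the interpolated value is judged as a separate command and rejected.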

Included playbooks

The Sample - Cisco ASA - 2.0.1 playbook collection comes bundled with the Cisco ASA connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Cisco ASA connector.

  • Block IP
  • Get Network Group
  • Get Version
  • List Sessions
  • Run Custom Commands
  • Terminate Sessions
  • Unblock IP
  • Update Network Group

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted when the connector is upgraded or deleted.
