I was asked to allow Office 365 traffic, looks easy huh?
Step 1: know your enemy
After some Google-fu I found Microsoft kindly provides an update list of the IP/subnet/URLs necessary to access various services including Office 365, Lync, OneNOte etc.
It’s just a matter to add them on ASA.
Step 2: the lazy approach A.K.A. if you think you’ll do it more than once automate it!
I must admit the first time (a few weeks ago) I did it via bash with a little help from sed and awk.
The problem is the list is updated quite often and the process required some manual steps (and I don’t remember where I saved the original script ;-) ) so I moved to Python this time.
With a few Google searches and the usual trial&error approach I reached my goal in less than 30m: a MVP that works and allows me to reach the final result –> an happy customer.
I know the code is not elegant but it works, I don’t plan to spend more time on it soon since I’ve other priorities but feel free to use and improve it and share with the community.comments powered by Disqus