Internet Access Requirements
By default, the dynamic attributes connector is configured to communicate with the Firepower System over the internet using HTTPS on port 443/tcp (HTTPS). If you do not want the dynamic attributes connector to have direct access to the internet, you can configure a proxy server.
The following information informs you of the URLs the dynamic attributes connector use to communicate with the CDO and with external servers.
URL | Reason |
---|---|
https://fmc-ip/api/fmc_platform/v1/ auth/generatetoken |
Authentication |
https://fmc-ip/api/fmc_config/ v1/domain/domain-id/object/dynamicobjects |
GET and POST dynamic objects |
https://fmc-ip/api/fmc_config/ v1/domain/ domain-id/object/dynamicobjects/ object-id/mappings?action=add |
Add mappings |
https://fmc-ip/api/fmc_config/ v1/domain/domain-id /object/dynamicobjects/ object-id/mappings?action=remove |
Remove mappings |
Dynamic Attributes Connector AWS access requirements
The dynamic attributes connector calls built-in SDK methods to get instance information. These methods internally query service endpoint URLs based on the specified region in the .dynamic attributes connector They are documented in AWS website https://docs.aws.amazon.com/general/latest/gr/ec2-service.html.
Dynamic Attributes Connector Azure access requirements
The dynamic attributes connector calls built-in SDK methods to get instance information. These methods internally call call https://login.microsoft.com (for authentication) and https://management.azure.com (to get instance information).