Internet Access Requirements

By default, the dynamic attributes connector is configured to communicate with the Firepower System over the internet using HTTPS on port 443/tcp (HTTPS). If you do not want the dynamic attributes connector to have direct access to the internet, you can configure a proxy server.

The following information informs you of the URLs the dynamic attributes connector use to communicate with the CDO and with external servers.

Dynamic Attributes Connector CDO access requirements
URL	Reason
https://`fmc-ip`/api/fmc_platform/v1/ auth/generatetoken	Authentication
https://`fmc-ip`/api/fmc_config/ v1/domain/`domain-id`/object/dynamicobjects	GET and POST dynamic objects
https://`fmc-ip`/api/fmc_config/ v1/domain/ `domain-id`/object/dynamicobjects/ `object-id`/mappings?action=add	Add mappings
https://`fmc-ip`/api/fmc_config/ v1/domain/`domain-id` /object/dynamicobjects/ `object-id`/mappings?action=remove	Remove mappings

Migration from DockerHub to Amazon ECR

Docker images for the Cisco Secure Dynamic Attributes Connector are being migrated from Docker Hub to Amazon Elastic Container Registry (Amazon ECR).

To use the new field packages, you must allow access through your firewall or proxy to all of the following URLs:

https://public.ecr.aws

To download individual field packages, search the Amazon ECR gallery for muster
https://csdac-cosign.s3.us-west-1.amazonaws.com

Dynamic Attributes Connector Azure access requirements

The dynamic attributes connector calls built-in SDK methods to get instance information. These methods internally call call https://login.microsoft.com (for authentication) and https://management.azure.com (to get instance information).