Internet Access Requirements

By default, the dynamic attributes connector is configured to communicate with the Firepower System over the internet using HTTPS on port 443/tcp (HTTPS). If you do not want the dynamic attributes connector to have direct access to the internet, you can configure a proxy server.

The following information informs you of the URLs the dynamic attributes connector use to communicate with the CDO and with external servers.

Dynamic Attributes Connector CDO access requirements
URL	Reason
https://`fmc-ip`/api/fmc_platform/v1/ auth/generatetoken	Authentication
https://`fmc-ip`/api/fmc_config/ v1/domain/`domain-id`/object/dynamicobjects	GET and POST dynamic objects
https://`fmc-ip`/api/fmc_config/ v1/domain/ `domain-id`/object/dynamicobjects/ `object-id`/mappings?action=add	Add mappings
https://`fmc-ip`/api/fmc_config/ v1/domain/`domain-id` /object/dynamicobjects/ `object-id`/mappings?action=remove	Remove mappings

Dynamic Attributes Connector AWS access requirements

The dynamic attributes connector calls built-in SDK methods to get instance information. These methods internally query service endpoint URLs based on the specified region in the .dynamic attributes connector They are documented in AWS website https://docs.aws.amazon.com/general/latest/gr/ec2-service.html.

Dynamic Attributes Connector Azure access requirements

The dynamic attributes connector calls built-in SDK methods to get instance information. These methods internally call call https://login.microsoft.com (for authentication) and https://management.azure.com (to get instance information).