Sunday, June 26, 2022

Network Security Automation using Cisco Secure Firewall and HashiCorp's Consul

More and more organizations today are moving toward dynamic infrastructure deployments in cloud environments or using microservices. In such environments, instances and services are created and decommissioned as needed, and that can be very frequent. Keeping track of updates to such components in a fast-changing environment is becoming a challenge for SecOps teams, and an agile, scalable, automated solution has become a vital requirement.

Let's assume that an access rule configured on the Cisco Secure Firewall allows traffic from one service to another based on their IP addresses. It is effective as long as the setup doesn't change, but if the destination node goes down or becomes inaccessible, another node will spin up in its place, making the access rule ineffective. The access rule doesn't change dynamically on the firewall; an administrator needs to log into the system and manually change the rule unless dynamic objects are configured on the Cisco Secure Firewall Management Center (FMC).


If dynamic objects are configured on the FMC, any changes to dynamic IP addresses can take place programmatically using the Cisco Secure Dynamic Attribute Connector (CSDAC) without the need to deploy this change to the firewall.

Alternatively, IP addresses in the dynamic objects on the FMC can be automatically created, updated and deleted using HashiCorp's Consul-Terraform-Sync solution. For customers who use the Consul infrastructure, this is the preferred solution.

HashiCorp's Consul is a service mesh solution providing service discovery, configuration, and segmentation functionality across multiple environments. Its service discovery feature allows Consul agents to register services to a central registry called the Consul service catalog.

The Consul-Terraform-Sync service uses the Consul catalog as a data source that contains networking information about services, watches Consul state changes at the application layer (based on service health changes, new instances deployed, etc.), and forwards the data to a Consul-Terraform-Sync compatible Terraform module that is automatically triggered.

Terraform is used as the underlying automation tool and leverages the Terraform provider ecosystem to drive relevant changes to the network infrastructure. The Terraform module used here is the dynamicobjects module, based on the FMC Terraform provider.


Please refer to this link for getting started with Consul-Terraform-Sync.

When the Consul-Terraform-Sync solution is used in conjunction with the dynamic object, the FMC is updated with the IP address mappings received by the dynamicobjects Terraform module. This, in turn, updates the access rules on the FMC containing that object, which ensures that the right access is always provided to the right services.
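The reconciliation described above, sketched as an added example (not Cisco's module or Consul-Terraform-Sync code): it derives the healthy IP set from entries shaped like Consul's `/v1/health/service/<name>` response and computes what to add to and remove from a dynamic object's mappings. The sample data, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of Consul's /v1/health/service/<name> output.
SAMPLE_HEALTH = [
    {"Node": {"Address": "10.0.1.10"},
     "Service": {"ID": "web-1", "Address": "10.0.1.10", "Port": 8080},
     "Checks": [{"Status": "passing"}]},
    {"Node": {"Address": "10.0.1.11"},
     # Empty service address: Consul consumers fall back to the node address.
     "Service": {"ID": "web-2", "Address": "", "Port": 8080},
     "Checks": [{"Status": "passing"}, {"Status": "passing"}]},
    {"Node": {"Address": "10.0.1.12"},
     # Failing check: this instance must not stay in the firewall object.
     "Service": {"ID": "web-3", "Address": "10.0.1.12", "Port": 8080},
     "Checks": [{"Status": "critical"}]},
]


def healthy_addresses(entries):
    """Return the set of IPs for instances whose checks are all passing."""
    addrs = set()
    for entry in entries:
        if any(c.get("Status") != "passing" for c in entry.get("Checks", [])):
            continue
        raw = entry["Service"].get("Address") or entry["Node"]["Address"]
        try:
            addrs.add(str(ipaddress.ip_address(raw)))
        except ValueError:
            # Hostname or malformed value: do not push it into a rule object.
            continue
    return addrs


def plan_mapping_update(current_mappings, entries):
    """Diff the object's current IP mappings against the healthy catalog set."""
    desired = healthy_addresses(entries)
    current = set(current_mappings)
    return {
        "add": sorted(desired - current),
        "remove": sorted(current - desired),
        "keep": sorted(desired & current),
    }


if __name__ == "__main__":
    # Hypothetical current state of the dynamic object on the FMC.
    print(plan_mapping_update({"10.0.1.10", "10.0.1.12"}, SAMPLE_HEALTH))
```

Reviewing the add and remove lists before they are applied is a useful audit point, since every entry changes what an existing access rule permits.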

This partnership between Cisco and HashiCorp provides an agile solution for tracking dynamic changes in the cloud environment. The Terraform module with the detailed usage and workflow can be found here.

Related resources:

Cisco Secure FMC Terraform Provider
