Bluecat Gateway Version: v18.10.2 and greater
BlueCat DNS Edge Version: v2019.8 and greater
Absorbaroo downloads Office 365 Whitelists and syncs them to DNS Edge and Meraki SDWAN.
Customers using SDWAN for traffic optimization can leverage this workflow to allow safe traffic to Office 365 sites.
The following is a typical use case architecture:
- Supports the individual selection of service category (such as Optimize, Allow, Default).
- Allows to save configurations without SDWAN settings.
- Supports the updated method for obtaining API access token from DNS Edge v2019.8.
Absorbaroo runs on the BlueCat Gateway platform.
Copy the absorbaroo directory to bluecat_portal/workflows/
cp -r absorbaroo <bluecat_portal>/workflows/
- Additional Python3 Library
This workflow requires the python3 "apscheduler" library.
Install the library using PIP3 inside the BlueCat Gateway container.
$pip3 install apscheduler
-
Additional Python Code
This workflow requires addtional python code.
Copy directories "dnsedge", "sdwan" and "o365" underadditional/to/portal/bluecat_portal/customizations/integrations/inside the BlueCat Gateway container. -
jqGrid
This workflow requires jqGrid.
Download jqGrid from HERE.
After downloading, extract the following two files: "ui.jqgrid.css" and "jquery.jqGrid.min.js".
Copy the two files to/portal/static/js/vendor/jqgrid/inside the Bluecat Gateway container.
Create a "jqgrid" directory if it does not exist. -
DNS Edge CI Access Key Sets
This workflow requires the DNS Edge CI access key sets JSON file.
Log in to the DNS Edge Customer Instance via browser.
Click "Profile" at the top right corner under "ACCOUNT".
After opening the Profile page, click the blue cross to create new access key sets.
Click DOWNLOAD .JSON FILE and save the JSON file to a directory of your choosing.
- Set Office 365 Configurations
Select the Office 365 tab and set the following parameters:
-
Instance Name:
Select the route parameter from the drop down menu.
This optional parameter specifies the instance to return the version for. If omitted, all instances are returned.
Valid instances are: Worldwide, China, Germany, USGovDoD, USGovGCCHigh. -
Client Request ID
A GUID is required for client association. Generate a GUID for each machine that calls the web service. Refer HERE for more information. -
Service Areas
Check or uncheck the service areas you wish to whitelist.
If you are unsure, check all.
Click "SAVE"
- Set DNS Edge Configurations
Select the DNS Edge tab and set the following parameters:
-
DNS Edge URL:
This URL will be the BlueCat DNS Edge CI.
The URL should be in the following format:
"https://api-<Your_Edge_CI_URL>" -
Access Key File (JSON):
ClickChoose Fileand open the DNS Edge Access Key Sets JSON file which contains Client ID and Client Secret.
Once the JSON file is chosen, Client Id: and Client Secret: will be automatically populated. -
Domain List
Type in the domain list which corresponds to the Office 365 whitelist.
Make sure the specified domain list is preregistered in the DNS Edge CI.
Click "SAVE"
- Set Meraki Cloud Controller Parameters
Select the SDWAN tab and set the following parameters:
- API Key:
This will be the API key for a specific user to login to the Meraki cloud controller via API.
Make sure that API access is enabled in the Meraki cloud controller web UI and a key is generated before setting this parameter.
- Organization Name:
This corresponds to the NETWORK name in the Meraki cloud controller web UI.
Make sure it is the same name (case sensitive) as in the web UI.
- Template Name:
This corresponds to the TEMPLATES name in the Meraki cloud controller web UI.
Make sure it is the same name (case sensitive) as in the web UI.
- Rule Delimiter Keyword(phrase):
The updated firewall rules will be set above this keyword (phrase), meaning any rule below this keyword will not be overwritten.
Typically a "Deny All Traffic" rule will be set here so that only the updated firewall rules based on DNS Edge domain lists will be allowed through.
Click "SAVE"
- Set Polling Intervals
Select the Execution tab and set polling intervals.
-
Current Endpoint Version:
The current endpoint version will be shown here. -
Last Synchronized at:
The last synchronized time will be shown here. -
Interval (sec):
Specify polling intervals.
Click "SYNCHRONIZE NOW" to synchronize and activate updater.
If you wish to manually synchronize once without continuous intervals, type in "0" in the interval menu and click "SYNCHRONIZE NOW".
By clicking "CLEAR" the settings will be cleared.
-
Language
You can switch to a Japanese menu by doing the following.- Create ja.txt in the BlueCat Gateway container.
cd /portal/Administration/create_workflow/text/ cp en.txt ja.txt- In the BlueCat Gateway Web UI, go to Administration > Configurations > General Configuration.
In General Configuration, select the Customization tab.
Under Language: type injaand save.
-
Appearance
This will make the base html menus a little bit wider.- Copy all files under the directory
additional/templatesto/portal/templatesinside the Bluecat Gateway container.
- Copy all files under the directory
ABSORBAROO is the brainchild of the BlueCat JAPAC team. Thank you for contributing your time to making this project a success.
The Team:
- David Jones (djones@bluecatnetworks.com)
- Michael Nonweiler (mnonweiler@bluecatnetworks.com)
- Akira Goto (agoto@bluecatnetworks.com)
- Timothy Noel (tnoel@bluecatnetworks.com)
- Ryu Tamura (rtamura@bluecatnetworks.com)
©2020 BlueCat Networks (USA) Inc. and its affiliates (collectively ‘ BlueCat’). All rights reserved. This document contains BlueCat confidential and proprietary information and is intended only for the person(s) to whom it is transmitted. Any reproduction of this document, in whole or in part, without the prior written consent of BlueCat is prohibited.