Expressway Blocked IP Management Using Python

Use Case

Cisco Expressway provides a secure mobile remote access solution that connects users on public networks to the enterprise voice and video communications infrastructure. These servers have an intrusion protection system that scans logs for malicious patterns and automatically blocks any IP address that exhibits brute-force or unauthorized traffic. This script helps you programmatically unblock an IP address on Expressway using the API.

Installation

git clone https://github.com/usharanig92/Expressway.git

Usage

Navigate to the cloned repo and run the script using uv, which installs the required libraries during the script run. In a production deployment, the Expressway API username and password should be passed through the secure credential retrieval method available in your organization. For this demo, all the required parameters are passed on the command line using the click module. Values given this way end up in shell history and process listings, so modify the script to take these arguments securely.

Also, make sure the api_username is created with the required API permissions and that its password is the same on all the peers. This lets the script query the peers and unblock the IP address. Running the script with the --help option shows all the available arguments.

$ uv run manage_blocked_ip.py --help
Installed 1 package in 89ms
Usage: manage_blocked_ip.py [OPTIONS] COMMAND [ARGS]...

  Expressway IP management tool.

Options:
  --api_username TEXT   Expressway username with API access  [required]
  --api_password TEXT   Creds for the Expressway API username provided above
                        [required]
  --expe_hostname TEXT  Expressway E primary peer hostname  [required]
  --help                Show this message and exit.

Commands:
  get-blocked  Get details of all blocked IPs.
  unblock      Unblock a specific IP address.

Retrieving the details of the blocked IPs

The query below checks the Expressway E to retrieve the details of all the blocked IP addresses, and outputs each blocked IP along with the node where it was blocked.

$ uv run manage_blocked_ip.py --api_username api_admin --api_password api_admin_password --expe_hostname expe-us.cisco.com get-blocked
node expe-us1.cisco.com has blocked_ips ['192.168.45.12', '10.52.178.203', '172.16.89.44', '203.0.113.67', '198.51.100.77', '100.64.99.201']
node expe-us2.cisco.com has blocked_ips ['10.0.45.128', '172.31.200.15', '192.0.2.88', '203.0.113.142', '10.0.45.128', '192.168.45.12', '100.64.99.201']
node expe-us3.cisco.com has blocked_ips ['172.16.89.44', '192.0.2.156', '100.64.99.201', '198.51.100.77']
node expe-us4.cisco.com has blocked_ips ['198.51.100.77', '192.0.2.88', '203.0.113.210', '172.20.55.63', '10.255.128.34']
node expe-us.cisco.com has blocked_ips ['198.51.100.41', '203.0.113.185', '192.168.45.12', '203.0.113.210', '10.255.128.34']

Unblocking the IP address

In the query below, we pass the parameters required to log in to the Expressway host, along with the IP address to unblock.

$ uv run manage_blocked_ip.py --api_username api_admin --api_password api_admin_password --expe_hostname expe-us.cisco.com unblock --ip_to_unblock 198.51.100.77
Successfully queued unban for IP 198.51.100.77

After the above command runs successfully, the IP 198.51.100.77 will be unblocked on all the peers where it was blocked.
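To see which peers hold a block for an address before running unblock, or to confirm afterwards that none still do, the get-blocked output can be inverted into a per-IP view. This is an added example, not part of the repository's script; it assumes the output line format shown above, and the function names and sample lines are constructed for illustration.

```python
import ast
import ipaddress
import re
from collections import defaultdict

# Constructed sample: three lines in the format printed by get-blocked above.
SAMPLE_OUTPUT = """\
node expe-us1.cisco.com has blocked_ips ['192.168.45.12', '198.51.100.77', '100.64.99.201']
node expe-us2.cisco.com has blocked_ips ['10.0.45.128', '10.0.45.128', '192.168.45.12']
node expe-us3.cisco.com has blocked_ips ['198.51.100.77', '100.64.99.201']
"""

LINE_RE = re.compile(r"^node (\S+) has blocked_ips (\[.*\])$")


def peers_by_ip(output):
    """Invert the per-node listing into {ip: sorted list of peers blocking it}."""
    index = defaultdict(set)
    for line in output.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip the uv banner and any other non-matching line
        node, raw_list = match.groups()
        # literal_eval parses the printed Python list without executing code.
        for ip in ast.literal_eval(raw_list):
            # ip_address() raises ValueError on a malformed entry; using a set
            # collapses duplicates such as the repeated 10.0.45.128 above.
            index[str(ipaddress.ip_address(str(ip)))].add(node)
    return {ip: sorted(nodes) for ip, nodes in index.items()}


def peers_blocking(output, ip_to_unblock):
    """Return the peers listing ip_to_unblock; an empty list means no block exists."""
    # Validate first so a typo is rejected before any API call is made.
    wanted = str(ipaddress.ip_address(ip_to_unblock))
    return peers_by_ip(output).get(wanted, [])


if __name__ == "__main__":
    for ip, nodes in sorted(peers_by_ip(SAMPLE_OUTPUT).items()):
        print(f"{ip} blocked on {', '.join(nodes)}")
```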
