IBM QRadar SOAR

  • 1.  Unable to connect with cisco ASA firewall through SOAR

    Posted Fri February 24, 2023 04:11 AM

    While checking access to the firewall through the API, we are getting the following error:
    Error: Unauthorized for url: https://172.17.132.10/api/objects/networkobjects?limit=1 Details


    ------------------------
    Running selftest with IBM SOAR
    ------------------------

    - Getting app.configs

    ------------------------
    Testing REST connection to SOAR
    ------------------------

    - WARNING: No certificate file specified. Only allows the connections that are trusted by operating system.
    - Checking if we can authenticate a REST connection with '8e9d962c-bccc-4201-b2bb-d0a54cbff833' to '172.18.51.57'
    Unverified HTTPS requests (cafile=false).

    ------------------------
    Successfully connected via REST!
    ------------------------


    ------------------------
    Testing STOMP connection to SOAR
    ------------------------

    - Checking if we can authenticate a STOMP connection with '8e9d962c-bccc-4201-b2bb-d0a54cbff833' to '172.18.51.57'

    ------------------------
    Instantiating instance of resilient-circuits and starting it...
    ------------------------

    2023-02-24 06:41:40,128 INFO [app] Configuration file: /etc/rescircuits/app.config
    2023-02-24 06:41:40,129 INFO [app] Resilient server: 172.18.51.57
    2023-02-24 06:41:40,130 INFO [app] Resilient api key id: 8e9d962c-bccc-4201-b2bb-d0a54cbff833
    2023-02-24 06:41:40,132 INFO [app] Resilient org: CoforgeLTD
    2023-02-24 06:41:40,132 INFO [app] Logging Level: INFO
    2023-02-24 06:41:40,135 WARNING [co3] Unverified HTTPS requests (cafile=false).
    2023-02-24 06:41:40,280 INFO [co3base] Using org name: CoforgeLTD
    2023-02-24 06:41:41,288 INFO [app] Components auto-load directory: (none)
    2023-02-24 06:41:41,357 INFO [component_loader] Loading 4 components
    2023-02-24 06:41:41,358 INFO [component_loader] 'fn_cisco_asa.components.funct_cisco_asa_add_artifact_to_network_object_group.FunctionComponent' loading
    2023-02-24 06:41:41,620 INFO [component_loader] 'fn_cisco_asa.components.funct_cisco_asa_get_network_object_details.FunctionComponent' loading
    2023-02-24 06:41:41,727 INFO [component_loader] 'fn_cisco_asa.components.funct_cisco_asa_get_network_objects.FunctionComponent' loading
    2023-02-24 06:41:42,211 INFO [component_loader] 'fn_cisco_asa.components.funct_cisco_asa_remove_network_object_from_network_object_group.FunctionComponent' loading
    2023-02-24 06:41:42,312 WARNING [actions_component] Unverified STOMP TLS certificate (cafile=false)
    2023-02-24 06:41:42,313 INFO [selftest] - Waiting for subscription to message destination. Sleeping for 2 seconds
    2023-02-24 06:41:42,337 INFO [stomp_component] Connect to 172.18.51.57:65001
    2023-02-24 06:41:42,339 INFO [actions_component] 'fn_cisco_asa.components.funct_cisco_asa_add_artifact_to_network_object_group.FunctionComponent' function 'cisco_asa_add_artifact_to_network_object_group' registered to 'fn_cisco_asa'
    2023-02-24 06:41:42,340 INFO [actions_component] 'fn_cisco_asa.components.funct_cisco_asa_get_network_object_details.FunctionComponent' function 'cisco_asa_get_network_object_details' registered to 'fn_cisco_asa'
    2023-02-24 06:41:42,341 INFO [actions_component] 'fn_cisco_asa.components.funct_cisco_asa_get_network_objects.FunctionComponent' function 'cisco_asa_get_network_objects' registered to 'fn_cisco_asa'
    2023-02-24 06:41:42,342 INFO [app] App Started
    2023-02-24 06:41:42,346 INFO [actions_component] 'fn_cisco_asa.components.funct_cisco_asa_remove_network_object_from_network_object_group.FunctionComponent' function 'cisco_asa_remove_network_object_from_network_object_group' registered to 'fn_cisco_asa'
    2023-02-24 06:41:42,347 INFO [app] Components loaded
    2023-02-24 06:41:42,451 INFO [actions_component] STOMP attempting to connect
    2023-02-24 06:41:42,452 INFO [stomp_component] Connect to Stomp...
    2023-02-24 06:41:42,453 INFO [client] Connecting to 172.18.51.57:65001 ...
    2023-02-24 06:41:42,520 INFO [client] Connection established
    2023-02-24 06:41:42,657 INFO [client] Connected to stomp broker [session=ID:IN-TZ1-SRIR.in.coforgetech.com-46848-1671738412183-4:18223, version=1.2]
    2023-02-24 06:41:42,658 INFO [stomp_component] Connected to failover:(ssl://172.18.51.57:65001)?maxReconnectAttempts=3,startupMaxReconnectAttempts=3
    2023-02-24 06:41:42,659 INFO [stomp_component] Client HB: 0 Server HB: 15000
    2023-02-24 06:41:42,660 INFO [stomp_component] No Client heartbeats will be sent
    2023-02-24 06:41:42,660 INFO [stomp_component] Requested heartbeats from server.
    2023-02-24 06:41:42,663 INFO [actions_component] STOMP connected.
    2023-02-24 06:41:42,767 INFO [actions_component] resilient-circuits has started successfully and is now running...
    2023-02-24 06:41:42,768 INFO [actions_component] Subscribe to message destination 'fn_cisco_asa'
    2023-02-24 06:41:42,769 INFO [stomp_component] Subscribe to message destination actions.201.fn_cisco_asa
    2023-02-24 06:41:44,339 INFO [actions_component] SelftestTerminateEvent, exiting resilient-circuits

    ------------------------
    Successfully connected via STOMP!
    ------------------------


    ------------------------
    Running selftest for: 'fn-cisco-asa'
    ------------------------


    fn-cisco-asa:
    401 Client Error: Unauthorized for url: https://172.17.132.10/api/objects/networkobjects?limit=1
    selftest: failure
    selftest output:
    {'state': 'failure', 'reason': 'Unable to connect to any Cisco ASA firewall.'}
    Elapsed time: 0.332000 seconds

    ERROR: running selftest for App.
    Error Code: 1
    SOAR

    Version: 1.11.1.480
    APP Host network
    CPU Usage
    5%
    Running



    ------------------------------
    Siem Admin
    ------------------------------
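    An added example, not part of any post in this thread and not code from the fn_cisco_asa app: it reads the selftest output above stage by stage, so that each warning and HTTP error is attributed to the host that produced it (the SOAR server at 172.18.51.57 or the firewall at 172.17.132.10). The sample text is constructed by abridging the output above, and the function names `triage` and `diagnose` are hypothetical.

```python
import re

# Constructed sample: abridged from the selftest output in this thread; key id replaced.
SAMPLE = """\
Testing REST connection to SOAR
- WARNING: No certificate file specified. Only allows the connections that are trusted by operating system.
- Checking if we can authenticate a REST connection with '<api-key-id>' to '172.18.51.57'
Successfully connected via REST!
Testing STOMP connection to SOAR
2023-02-24 06:41:42,312 WARNING [actions_component] Unverified STOMP TLS certificate (cafile=false)
Successfully connected via STOMP!
Running selftest for: 'fn-cisco-asa'
401 Client Error: Unauthorized for url: https://172.17.132.10/api/objects/networkobjects?limit=1
"""

STAGE = re.compile(r"Testing (REST|STOMP) connection to SOAR|Running selftest for: '([^']+)'")
HTTP_ERR = re.compile(r"(\d{3}) (?:Client|Server) Error: .*? for url: https?://([^/\s:]+)")

def triage(text):
    """Attribute each warning and HTTP error to the selftest stage that printed it."""
    stages, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        stage = STAGE.match(line)
        if stage:
            current = ("SOAR " + stage.group(1)) if stage.group(1) else stage.group(2)
            stages[current] = {"ok": False, "warnings": 0, "http_errors": []}
        elif current is None:
            continue
        elif line.startswith("Successfully connected"):
            stages[current]["ok"] = True
        elif "WARNING" in line:
            stages[current]["warnings"] += 1
        elif (err := HTTP_ERR.search(line)):
            stages[current]["http_errors"].append((int(err.group(1)), err.group(2)))
    return stages

def diagnose(stages):
    """An HTTP status in the output means TLS and routing to that host already worked."""
    findings = []
    for name, info in stages.items():
        for status, host in info["http_errors"]:
            refused = status in (401, 403)
            cause = "refused by the device's API after TLS succeeded" if refused else "other HTTP error"
            findings.append((name, host, status, cause))
    return findings

if __name__ == "__main__":
    print(diagnose(triage(SAMPLE)))
```

    On the sample, both certificate warnings fall under the SOAR REST and STOMP stages, which succeeded, while the only HTTP error belongs to the fn-cisco-asa stage and names the firewall address.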


  • 2.  RE: Unable to connect with cisco ASA firewall through SOAR

    Posted Tue February 28, 2023 08:25 AM

    401 is an authorization error and there is WARNING: No certificate file specified.

    Does the solution discussed in this post help?

    https://community.cisco.com/t5/network-security/problem-to-access-asdm-gui-401-unauthorized/td-p/2381772



    ------------------------------
    AnnMarie Norcross
    ------------------------------



  • 3.  RE: Unable to connect with cisco ASA firewall through SOAR

    Posted Thu March 02, 2023 02:37 AM

    The error still remains the same after applying the fix in the link.

    401 Client Error: Unauthorized for url: https://172.17.132.10/api/objects/networkobjects?limit=1
        selftest: failure
        selftest output:
        {'state': 'failure', 'reason': 'Unable to connect to any Cisco ASA firewall.'}
        Elapsed time: 0.447000 seconds

    ERROR: running selftest for App.
    Error Code: 1



    ------------------------------
    Siem Admin
    ------------------------------



  • 4.  RE: Unable to connect with cisco ASA firewall through SOAR

    Posted Fri March 03, 2023 01:53 AM

    Hi,

    I find in these circumstances that it is best to enable debug and then invoke one of the functions. This will show all the API calls to your firewall as well as the errors returned from the firewall. This might help determine the problem, whether it is a configuration problem or a permissions problem with the firewall.

    See either of the two documents for details of how to enable debug and download the app.log, depending on whether you have an App Host or integration server.



    ------------------------------
    BEN WILLIAMS
    ------------------------------



  • 5.  RE: Unable to connect with cisco ASA firewall through SOAR

    Posted Thu March 16, 2023 03:40 AM

    Hi Ben,

    The problem captured is related to enable SSL cert that is blocking the API communication. We checked this using Postman.

    We have SOAR APP host. Please tell us the exact logs where I can capture the communication error to troubleshoot.

    The links mention the logs related to deployment. We have everything running fine in terms of Application and instance. 



    ------------------------------
    Siem Admin
    ------------------------------



  • 6.  RE: Unable to connect with cisco ASA firewall through SOAR

    Posted Fri March 17, 2023 09:14 AM

    What version of Cisco ASA are you using? The app was developed with a 9.14 version of ASAv.

    I see there was a Cisco bug causing 401 unauthorized to be returned from any REST API around version 9.16.

    https://quickview.cloudapps.cisco.com/quickview/bug/CSCvy17365



    ------------------------------
    AnnMarie Norcross
    ------------------------------