Pingdom is a monitoring service that uses “a global network of 100+ servers from all over the world as often as every minute.” These servers are called probes.
When a website needs to be monitored but the firewall restricts access to it by client source IP address (also called whitelisting), a list of the Pingdom probes needs to be maintained. Whenever Pingdom changes or adds a probe, you can run into the following issue, found on one of their help pages:
One of the most common reasons for Pingdom reporting an outage is not that a site or server is down, but that our servers are being blocked by a firewall or access control list.
If a Pingdom probe is blocked, there is a good chance that it will alarm and notify you that your website is down.
Pingdom provides a list of those probe IP addresses here: https://my.pingdom.com/probes/ipv4
Terraform is a tool that allows you to automate the provisioning of infrastructure. I noticed that Terraform has a Cisco ASA provider and gave it a quick whirl:
What I want to do is use the list of Pingdom probe IP addresses to update a network object group in my ASA firewall that has a firewall rule allowing access to the website:
Here is my Terraform file, cisco-asa-pingdom-probes.tf, that implements this:
provider "ciscoasa" {
To run it, you use the following commands:
$ terraform init
$ terraform apply
Here is the output of terraform apply:
Here the object group is shown in the Cisco ASDM tool:
Next steps would be to schedule this job to run on a recurring basis to keep those probe IP addresses up-to-date.
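One way to write the configuration described above, as an added example (not the author's cisco-asa-pingdom-probes.tf): it reads the probe list with the hashicorp/http data source, keeps only lines that parse as IPv4 addresses, and refuses to apply an empty group. The variable names, the group name pingdom-probes, the provider source address and the one-address-per-line format of the list are assumptions.

```hcl
terraform {
  required_providers {
    ciscoasa = { source = "CiscoDevNet/ciscoasa" } # assumed registry address
    http     = { source = "hashicorp/http", version = ">= 3.0" }
  }
}

# Hypothetical variable names; supply values via TF_VAR_* or a secrets store.
variable "asa_api_url" { type = string }
variable "asa_username" { type = string }
variable "asa_password" {
  type      = string
  sensitive = true
}

provider "ciscoasa" {
  api_url       = var.asa_api_url
  username      = var.asa_username
  password      = var.asa_password
  ssl_no_verify = false # keep certificate verification on for the ASA REST API
}

# Probe list published by Pingdom (URL from the article).
data "http" "pingdom_probes" {
  url = "https://my.pingdom.com/probes/ipv4"
}

locals {
  # Assumes one IPv4 address per line in the response body.
  probe_lines = split("\n", trimspace(data.http.pingdom_probes.response_body))

  # Drop anything that is not a dotted-quad host address, so a changed or
  # garbled response cannot put arbitrary entries into the allow-list.
  probe_ips = distinct([
    for line in local.probe_lines : trimspace(line)
    if can(regex("^\\d{1,3}(\\.\\d{1,3}){3}$", trimspace(line))) &&
    can(cidrhost("${trimspace(line)}/32", 0))
  ])
}

resource "ciscoasa_network_object_group" "pingdom_probes" {
  name    = "pingdom-probes" # hypothetical object group name
  members = local.probe_ips

  lifecycle {
    # Requires Terraform 1.2+. Fail the run rather than empty the group.
    precondition {
      condition     = length(local.probe_ips) > 0
      error_message = "No valid probe addresses parsed; leaving the group unchanged."
    }
  }
}
```

When this runs on a schedule, reviewing the `terraform plan` diff before applying shows exactly which source addresses are about to be added to or removed from the firewall rule.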