vSRX automation 3: NAT
andy-leung
Category: Education
Transcript of vSRX automation 3: NAT
SRX Automation 3: Configuring NAT
Automate NAT config
Develop an SRX NAT config file
Separate the variables and commands
Create a YAML file to store the variables (playbook)
Create a Jinja2 template to execute the command line (template)
Use "junos_install_config" from the Ansible module to update the SRX configuration.
Example: Create SRX address book
CLI for creating the address book:
#set security address-book global address LocalNet 172.16.0.0/24
#set security address-book global address PrivateNet 192.168.10.0/24
#set security address-book global address PublicNet 10.10.0.0/22
Hence, we have separated the CLI into variables and actions.
Variables:
name: LocalNet, prefix: 172.16.0.0/24
name: PrivateNet, prefix: 192.168.10.0/24
name: PublicNet, prefix: 10.10.0.0/22
Actions:
set security address-book global address {name} {prefix}
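Example: Create SRX address book
Variables are defined in the playbook (basic_nat_policies.yml):
vars:
  # device credentials (plaintext here; Ansible Vault can hold these instead)
  junos_user: "root"
  junos_password: "Juniper"
  # directory where the rendered configuration file is built
  build_dir: "/tmp/"
  # one entry per address-book object
  address_entries:
    [ {'name':'LocalNet','prefix':'172.16.0.0/24'},
      {'name':'PrivateNet','prefix':'192.168.10.0/24'},
      {'name':'PublicNet','prefix':'10.10.0.0/22'} ]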
Example: Create SRX address book
To update the SRX, 2 tasks are defined in the playbook:
1, build a configuration file in the /tmp directory
2, update the SRX config with junos_update_config
Example 2: Create Src Nat Config
Sample Source Nat Configuration
Example 2: Create Src Nat Config
Define variable nat_policy_info:
nat_policy_info:
  [{'rule_set':'fw-nat', 'src_zone':'trust', 'dst_zone':'untrust',
    'rules':[{'name':'rule1','src_ips':['172.16.0.0/24'],'dst_ips':['0.0.0.0/0'], 'interface':True}]}]
Example 2: Create Src Nat Config
Define Jinja2 template (nat_src_policy.set.j2):
Example 2: Create Src Nat Config
Define 2 tasks (basic_nat_policies.yml):
1, build a temporary config file in /tmp
2, update the SRX config file