SRX Automation 3: Configuring NAT

Automate NAT config Develop a srx NAT config file Separate the Variables and Command Create a YAML file to store the variable (Playbook) Create a Jinja2 template to execute the command

line (template) Use “junos_install_config” from the Ansible

module to update SRX configuration.

Example: Create SRX address

book CLI for create address book:

#set security address-book global address LocalNet 172.16.0.0/24 #set security address-book global address PrivateNet

192.168.10.0/24 #set security address-book global address PublicNet 10.10.0.0/22

Hence, we have separate the CLI into Variables:

name: LocalNet, prefix: 172.16.0.0/24 name: PrivateNet, prefix: 192.168.10.0/24 name: PublicNet, prefix: 10.10.0.0/22

Actions: Set security address-book global address {name} {prefix}

Example: Create SRX address

book Variable are defined in the playbook

(basic_nat_policies.yml)vars: junos_user: "root" junos_password: "Juniper" build_dir: "/tmp/" address_entries:

[ {'name':'LocalNet','prefix':'172.16.0.0/24'}, {'name':'PrivateNet','prefix':'192.168.10.0/24'}, {'name':'PublicNet','prefix':'10.10.0.0/22'} ]

Example: Create SRX address

book To update SRX, 2 tasks are defined in playbook

1, build a configuration file in /tmp directory 2, update srx config with junos_update_config

Example 2:Create Src Nat Config

Sample Source Nat Configuration

Example 2:Create Src Nat Config Define variable nat_policy_info: nat_policy_info: [{'rule_set':'fw-

nat’, 'src_zone':'trust', 'dst_zone':'untrust', 'rules':[{'name':'rule1','src_ips':['172.16.0.0/24'],'dst_ips':['0.0.0.0/0'], 'interface':True}]}]

Example 2:Create Src Nat Config Define jinja2 template (nat_src_policy.set.j2):

Example 2:Create Src Nat Config Define 2 tasks (basic_nat_policies.yml)

Build a temporary config file in /tmp Update the SRX config file.