vSRX automation 4: Basic FW Policies
Uploaded by andy-leung
SRX Automation 4: FW Policies
Automate FW config
- Build an SRX firewall configuration
- Separate the variables from the commands
  - Create a YAML file to store the variables (playbook)
  - Create a Jinja2 template for the command lines (template)
- Build the task list
  - Create a temporary config file using the Jinja2 template
  - Update the SRX config with Ansible's "junos_install_config" module
Reference: https://github.com/JNPRAutomate/JNPRAutomateDemo-Class/
BASIC FW Policy
Basic vpn firewall policy
Variables are defined in the playbook basic_firewall_policies.yml:

    fw_policy_info:
      - policy_name: 'Allow_Policy'
        src_zone: 'trust'
        dst_zone: 'untrust'
        src_ips: ['Local']
        dst_ips: ['any']
        apps: ['any']
        action: 'permit'

Jinja2 template: fw_policy.set.j2
Build Jinja2 template
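
Added example, not the author's fw_policy.set.j2 or code from the referenced repository: plain Python stands in for the Jinja2 step to show how one fw_policy_info entry becomes Junos set commands, with each value validated first so that a stray space or newline in a variable cannot add extra lines to the generated config. The names check_policy, render_policy and is_any_any_permit and the character whitelist are assumptions of this example.

```python
import re

# Assumption: a conservative whitelist for names (stricter than Junos itself).
SAFE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,62}")
ACTIONS = {"permit", "deny", "reject"}  # Junos security-policy actions

def check_policy(p):
    """Return the problems found in one fw_policy_info entry (empty list = OK)."""
    problems = []
    for key in ("policy_name", "src_zone", "dst_zone"):
        # fullmatch, not match: "trust\n" must not pass as "trust"
        if not SAFE.fullmatch(str(p.get(key, ""))):
            problems.append(f"{key}: unsafe or missing value {p.get(key)!r}")
    for key in ("src_ips", "dst_ips", "apps"):
        values = p.get(key) or []
        if not values:
            problems.append(f"{key}: empty list")
        problems += [f"{key}: unsafe value {v!r}" for v in values
                     if not SAFE.fullmatch(str(v))]
    if p.get("action") not in ACTIONS:
        problems.append(f"action: {p.get('action')!r} is not one of {sorted(ACTIONS)}")
    return problems

def is_any_any_permit(p):
    """True when the entry permits every source, destination and application."""
    return p.get("action") == "permit" and all(
        p.get(k) == ["any"] for k in ("src_ips", "dst_ips", "apps"))

def render_policy(p):
    """Render one validated entry as Junos set commands."""
    problems = check_policy(p)
    if problems:
        raise ValueError("; ".join(problems))
    base = (f"set security policies from-zone {p['src_zone']} "
            f"to-zone {p['dst_zone']} policy {p['policy_name']}")
    lines = [f"{base} match source-address {a}" for a in p["src_ips"]]
    lines += [f"{base} match destination-address {a}" for a in p["dst_ips"]]
    lines += [f"{base} match application {a}" for a in p["apps"]]
    return lines + [f"{base} then {p['action']}"]

# The entry from basic_firewall_policies.yml, as a Python dict.
PAGE_POLICY = {"policy_name": "Allow_Policy", "src_zone": "trust",
               "dst_zone": "untrust", "src_ips": ["Local"], "dst_ips": ["any"],
               "apps": ["any"], "action": "permit"}

if __name__ == "__main__":
    print("\n".join(render_policy(PAGE_POLICY)))
    print("any/any/any permit:", is_any_any_permit(PAGE_POLICY))
```

Running check_policy and is_any_any_permit over every entry before the playbook's template task gives a review point for permissive rules that the device itself would accept without complaint.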
Running the Playbook
Playbook file: basic_firewall_policies.yml

    % ansible-playbook -i inventory.yml playbooks/basic_firewall_policies.yml

Verification
From SRX:

    > show configuration security policies