SRX Automation 4: FW Policies

Automate FW config Build a srx firewall configuration Separate the Variables and Command Create a YAML file to store the variable (Playbook) Create a Jinja2 template to execute the command line

(template) Build task list.

Create temp config file using Jinja2 template Update SRX config with Ansible’s “junos_install_config” module

Reference: https://github.com/JNPRAutomate/JNPRAutomateDemo-Class/

BASIC FW Policy

Basic vpn firewall

policy Variable are defined in the playbook

basic_firewall_policies.yml fw_policy_info: [

policy_name : ‘Allow_Policy’ src_zone: ‘trust’ dst_zone: ‘untrust’ src_ips: [‘Local’] dst_ips: [‘any’] apps: [‘any’] action: ‘permit’ ]

Jinja2 template:fw_policy.set.j2

Build Jinja2 template

Running the Playbook Playbook file: basic_firewall_policies.yml % ansible-play –i inventory.yml

playbooks/basic_firewall_policies.yml

Verification From srx

>show configuration security policies