SlideShare a Scribd company logo

vSRX automation 4: Basic FW Policies

Download as PPTX, PDF
Andy Leung
Andy Leung

https://www.youtube.com/watch?v=3wz4W2HwKWA&list=PLQRnLiucG_JVHWrBoWLbbUmzzm2fBpvcN

Education
1 of 7
SRX Automation 4: FW Policies
Automate FW config  Build a srx firewall configuration  Separate the Variables and Command  Create a YAML file to store the variable (Playbook)  Create a Jinja2 template to execute the command line (template)  Build task list.  Create temp config file using Jinja2 template  Update SRX config with Ansible’s “junos_install_config” module Reference: https://github.com/JNPRAutomate/JNPRAutomateDemo-Class/
BASIC FW Policy
Basic vpn firewall policy  Variable are defined in the playbook basic_firewall_policies.yml  fw_policy_info: [  policy_name : ‘Allow_Policy’  src_zone: ‘trust’  dst_zone: ‘untrust’  src_ips: [‘Local’]  dst_ips: [‘any’]  apps: [‘any’]  action: ‘permit’ ]
Jinja2 template: fw_policy.set.j2  Build Jinja2 template
Running the Playbook  Playbook file: basic_firewall_policies.yml  % ansible-play –i inventory.yml playbooks/basic_firewall_policies.yml
Verification  From srx  >show configuration security policies

Recommended

vSRX automation 3: NAT
vSRX automation 3: NATvSRX automation 3: NAT
vSRX automation 3: NAT
Andy Leung
 
PuppetConf 2016: Puppet and UCS: Policy-Based Management All the Way Down – C...
PuppetConf 2016: Puppet and UCS: Policy-Based Management All the Way Down – C...PuppetConf 2016: Puppet and UCS: Policy-Based Management All the Way Down – C...
PuppetConf 2016: Puppet and UCS: Policy-Based Management All the Way Down – C...
Puppet
 
Zookeeper소개
Zookeeper소개Zookeeper소개
Zookeeper소개
Younggi Lim
 
My Sq Ldb Tut
My Sq Ldb TutMy Sq Ldb Tut
My Sq Ldb Tut
AkramWaseem
 
Working with Cookies in NodeJS
Working with Cookies in NodeJSWorking with Cookies in NodeJS
Working with Cookies in NodeJS
Jay Dihenkar
 
Configuracion de red en ubuntu
Configuracion de red en ubuntuConfiguracion de red en ubuntu
Configuracion de red en ubuntu
Lupita Chacon
 
Juju 基礎編
Juju 基礎編Juju 基礎編
Juju 基礎編
VirtualTech Japan Inc.
 
Database systems administration traning 0
Database systems administration traning 0Database systems administration traning 0
Database systems administration traning 0
Shahid Riaz
 

Recommended

vSRX automation 3: NAT
vSRX automation 3: NATvSRX automation 3: NAT
vSRX automation 3: NAT
Andy Leung
 
PuppetConf 2016: Puppet and UCS: Policy-Based Management All the Way Down – C...
PuppetConf 2016: Puppet and UCS: Policy-Based Management All the Way Down – C...PuppetConf 2016: Puppet and UCS: Policy-Based Management All the Way Down – C...
PuppetConf 2016: Puppet and UCS: Policy-Based Management All the Way Down – C...
Puppet
 
Zookeeper소개
Zookeeper소개Zookeeper소개
Zookeeper소개
Younggi Lim
 
My Sq Ldb Tut
My Sq Ldb TutMy Sq Ldb Tut
My Sq Ldb Tut
AkramWaseem
 
Working with Cookies in NodeJS
Working with Cookies in NodeJSWorking with Cookies in NodeJS
Working with Cookies in NodeJS
Jay Dihenkar
 
Configuracion de red en ubuntu
Configuracion de red en ubuntuConfiguracion de red en ubuntu
Configuracion de red en ubuntu
Lupita Chacon
 
Juju 基礎編
Juju 基礎編Juju 基礎編
Juju 基礎編
VirtualTech Japan Inc.
 
Database systems administration traning 0
Database systems administration traning 0Database systems administration traning 0
Database systems administration traning 0
Shahid Riaz
 
Vm booting volume_v1.0
Vm booting volume_v1.0Vm booting volume_v1.0
Vm booting volume_v1.0
Vietnam Open Infrastructure User Group
 
OpenStack Day 2 Operations (Toronto)
OpenStack Day 2 Operations (Toronto)OpenStack Day 2 Operations (Toronto)
OpenStack Day 2 Operations (Toronto)
Dirk Wallerstorfer
 
Solaris mysql sop
Solaris mysql sopSolaris mysql sop
Solaris mysql sop
Uday Prabhala
 
Juju + KubernetesでGPU の活用
Juju + KubernetesでGPU の活用Juju + KubernetesでGPU の活用
Juju + KubernetesでGPU の活用
VirtualTech Japan Inc.
 
Redmine on amazon ec2
Redmine on amazon ec2Redmine on amazon ec2
Redmine on amazon ec2
Ikuru Kanuma
 
How to persist data with Redis
How to persist data with RedisHow to persist data with Redis
How to persist data with Redis
Brian Best
 
Ac cuda c_3
Ac cuda c_3Ac cuda c_3
Ac cuda c_3
Josh Wyatt
 
الفصل السابع - التخزين الثانوي- د. خالد بكرو Secondary Storage - Dr. Khaled B...
الفصل السابع - التخزين الثانوي- د. خالد بكرو Secondary Storage - Dr. Khaled B...الفصل السابع - التخزين الثانوي- د. خالد بكرو Secondary Storage - Dr. Khaled B...
الفصل السابع - التخزين الثانوي- د. خالد بكرو Secondary Storage - Dr. Khaled B...
Dr. Khaled Bakro
 
How to install Odoo 13 in Ubuntu ?
How to install Odoo 13 in Ubuntu ?How to install Odoo 13 in Ubuntu ?
How to install Odoo 13 in Ubuntu ?
Varsha Technaureus
 
Java concurrency introduction
Java concurrency introductionJava concurrency introduction
Java concurrency introduction
yangwm
 
Ac cuda c_2
Ac cuda c_2Ac cuda c_2
Ac cuda c_2
Josh Wyatt
 
{'python': 'dict'}
{'python': 'dict'}{'python': 'dict'}
{'python': 'dict'}
nybon
 
2
22
2
Darwin Chimbo
 
Cookies in php
Cookies in phpCookies in php
Cookies in php
ArunaDevi63
 
Get mysql clusterrunning-windows
Get mysql clusterrunning-windowsGet mysql clusterrunning-windows
Get mysql clusterrunning-windows
JoeSg
 
XPChain Blockchain Roadmap update [April ~ July 2020]
XPChain Blockchain Roadmap update [April ~ July 2020]XPChain Blockchain Roadmap update [April ~ July 2020]
XPChain Blockchain Roadmap update [April ~ July 2020]
DarioRob
 
GuiceCon 2011 - Sisu
GuiceCon 2011 - SisuGuiceCon 2011 - Sisu
GuiceCon 2011 - Sisu
Stuart McCulloch
 
Configuration of jms jndi
Configuration of jms jndiConfiguration of jms jndi
Configuration of jms jndi
xavier john
 
GCP Deployment Manager Demo
GCP Deployment Manager DemoGCP Deployment Manager Demo
GCP Deployment Manager Demo
Vijayananda Mohire
 
A Glance At The Java Performance Toolbox.pdf
A Glance At The Java Performance Toolbox.pdf A Glance At The Java Performance Toolbox.pdf
A Glance At The Java Performance Toolbox.pdf
Ana-Maria Mihalceanu
 
Design of bare metal proxy compute node
Design of bare metal proxy compute nodeDesign of bare metal proxy compute node
Design of bare metal proxy compute node
Lorin Hochstein
 
A Glance At The Java Performance Toolbox-TIA.pdf
A Glance At The Java Performance Toolbox-TIA.pdf A Glance At The Java Performance Toolbox-TIA.pdf
A Glance At The Java Performance Toolbox-TIA.pdf
Ana-Maria Mihalceanu
 

More Related Content

What's hot

Get mysql clusterrunning-windows
Get mysql clusterrunning-windowsGet mysql clusterrunning-windows
Get mysql clusterrunning-windows
JoeSg
 

What's hot (18)

Vm booting volume_v1.0
Vm booting volume_v1.0Vm booting volume_v1.0
Vm booting volume_v1.0
 
OpenStack Day 2 Operations (Toronto)
OpenStack Day 2 Operations (Toronto)OpenStack Day 2 Operations (Toronto)
OpenStack Day 2 Operations (Toronto)
 
Solaris mysql sop
Solaris mysql sopSolaris mysql sop
Solaris mysql sop
 
Juju + KubernetesでGPU の活用
Juju + KubernetesでGPU の活用Juju + KubernetesでGPU の活用
Juju + KubernetesでGPU の活用
 
Redmine on amazon ec2
Redmine on amazon ec2Redmine on amazon ec2
Redmine on amazon ec2
 
How to persist data with Redis
How to persist data with RedisHow to persist data with Redis
How to persist data with Redis
 
Ac cuda c_3
Ac cuda c_3Ac cuda c_3
Ac cuda c_3
 
الفصل السابع - التخزين الثانوي- د. خالد بكرو Secondary Storage - Dr. Khaled B...
الفصل السابع - التخزين الثانوي- د. خالد بكرو Secondary Storage - Dr. Khaled B...الفصل السابع - التخزين الثانوي- د. خالد بكرو Secondary Storage - Dr. Khaled B...
الفصل السابع - التخزين الثانوي- د. خالد بكرو Secondary Storage - Dr. Khaled B...
 
How to install Odoo 13 in Ubuntu ?
How to install Odoo 13 in Ubuntu ?How to install Odoo 13 in Ubuntu ?
How to install Odoo 13 in Ubuntu ?
 
Java concurrency introduction
Java concurrency introductionJava concurrency introduction
Java concurrency introduction
 
Ac cuda c_2
Ac cuda c_2Ac cuda c_2
Ac cuda c_2
 
{'python': 'dict'}
{'python': 'dict'}{'python': 'dict'}
{'python': 'dict'}
 
2
22
2
 
Cookies in php
Cookies in phpCookies in php
Cookies in php
 
Get mysql clusterrunning-windows
Get mysql clusterrunning-windowsGet mysql clusterrunning-windows
Get mysql clusterrunning-windows
 
XPChain Blockchain Roadmap update [April ~ July 2020]
XPChain Blockchain Roadmap update [April ~ July 2020]XPChain Blockchain Roadmap update [April ~ July 2020]
XPChain Blockchain Roadmap update [April ~ July 2020]
 
GuiceCon 2011 - Sisu
GuiceCon 2011 - SisuGuiceCon 2011 - Sisu
GuiceCon 2011 - Sisu
 
Configuration of jms jndi
Configuration of jms jndiConfiguration of jms jndi
Configuration of jms jndi
 

Similar to vSRX automation 4: Basic FW Policies

Configuration Management and Transforming Legacy Applications in the Enterpri...
Configuration Management and Transforming Legacy Applications in the Enterpri...Configuration Management and Transforming Legacy Applications in the Enterpri...
Configuration Management and Transforming Legacy Applications in the Enterpri...
Docker, Inc.
 
Effective Python Package Management [PyCon Canada 2017]
Effective Python Package Management [PyCon Canada 2017]Effective Python Package Management [PyCon Canada 2017]
Effective Python Package Management [PyCon Canada 2017]
Devon Bernard
 
Reversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisReversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysis
Abdulrahman Bassam
 

Similar to vSRX automation 4: Basic FW Policies (20)

GCP Deployment Manager Demo
GCP Deployment Manager DemoGCP Deployment Manager Demo
GCP Deployment Manager Demo
 
A Glance At The Java Performance Toolbox.pdf
A Glance At The Java Performance Toolbox.pdf A Glance At The Java Performance Toolbox.pdf
A Glance At The Java Performance Toolbox.pdf
 
Design of bare metal proxy compute node
Design of bare metal proxy compute nodeDesign of bare metal proxy compute node
Design of bare metal proxy compute node
 
A Glance At The Java Performance Toolbox-TIA.pdf
A Glance At The Java Performance Toolbox-TIA.pdf A Glance At The Java Performance Toolbox-TIA.pdf
A Glance At The Java Performance Toolbox-TIA.pdf
 
A Glance At The Java Performance Toolbox-TIA.pdf
A Glance At The Java Performance Toolbox-TIA.pdf A Glance At The Java Performance Toolbox-TIA.pdf
A Glance At The Java Performance Toolbox-TIA.pdf
 
Syslog
SyslogSyslog
Syslog
 
Syslog
SyslogSyslog
Syslog
 
F312 A
F312 AF312 A
F312 A
 
SELinux Kernel Internals and Architecture - FOSS.IN/2005
SELinux Kernel Internals and Architecture - FOSS.IN/2005SELinux Kernel Internals and Architecture - FOSS.IN/2005
SELinux Kernel Internals and Architecture - FOSS.IN/2005
 
Configuration Management and Transforming Legacy Applications in the Enterpri...
Configuration Management and Transforming Legacy Applications in the Enterpri...Configuration Management and Transforming Legacy Applications in the Enterpri...
Configuration Management and Transforming Legacy Applications in the Enterpri...
 
Oracle11g On Fedora14
Oracle11g On Fedora14Oracle11g On Fedora14
Oracle11g On Fedora14
 
Oracle11g on fedora14
Oracle11g on fedora14Oracle11g on fedora14
Oracle11g on fedora14
 
Beagleboard xm-setup
Beagleboard xm-setupBeagleboard xm-setup
Beagleboard xm-setup
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Extending unity3D Editor
Extending unity3D EditorExtending unity3D Editor
Extending unity3D Editor
 
Medianet manual
Medianet manualMedianet manual
Medianet manual
 
Effective Python Package Management [PyCon Canada 2017]
Effective Python Package Management [PyCon Canada 2017]Effective Python Package Management [PyCon Canada 2017]
Effective Python Package Management [PyCon Canada 2017]
 
Reversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisReversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysis
 
A Glance At The Java Performance Toolbox.pdf
A Glance At The Java Performance Toolbox.pdf A Glance At The Java Performance Toolbox.pdf
A Glance At The Java Performance Toolbox.pdf
 
A Glance At The Java Performance Toolbox.pdf
A Glance At The Java Performance Toolbox.pdf A Glance At The Java Performance Toolbox.pdf
A Glance At The Java Performance Toolbox.pdf
 

Recently uploaded

Recently uploaded (20)

On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
OSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsOSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & Systems
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
OS-operating systems- ch05 (CPU Scheduling) ...
OS-operating systems- ch05 (CPU Scheduling) ...OS-operating systems- ch05 (CPU Scheduling) ...
OS-operating systems- ch05 (CPU Scheduling) ...
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Our Environment Class 10 Science Notes pdf
Our Environment Class 10 Science Notes pdfOur Environment Class 10 Science Notes pdf
Our Environment Class 10 Science Notes pdf
 
What is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptxWhat is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptx
 
AIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.pptAIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.ppt
 
Economic Importance Of Fungi In Food Additives
Economic Importance Of Fungi In Food AdditivesEconomic Importance Of Fungi In Food Additives
Economic Importance Of Fungi In Food Additives
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Simple, Complex, and Compound Sentences Exercises.pdf
Simple, Complex, and Compound Sentences Exercises.pdfSimple, Complex, and Compound Sentences Exercises.pdf
Simple, Complex, and Compound Sentences Exercises.pdf
 

vSRX automation 4: Basic FW Policies

  • 2. Automate FW config  Build a srx firewall configuration  Separate the Variables and Command  Create a YAML file to store the variable (Playbook)  Create a Jinja2 template to execute the command line (template)  Build task list.  Create temp config file using Jinja2 template  Update SRX config with Ansible’s “junos_install_config” module Reference: https://github.com/JNPRAutomate/JNPRAutomateDemo-Class/
  • 4. Basic vpn firewall policy  Variable are defined in the playbook basic_firewall_policies.yml  fw_policy_info: [  policy_name : ‘Allow_Policy’  src_zone: ‘trust’  dst_zone: ‘untrust’  src_ips: [‘Local’]  dst_ips: [‘any’]  apps: [‘any’]  action: ‘permit’ ]
  • 6. Running the Playbook  Playbook file: basic_firewall_policies.yml  % ansible-play –i inventory.yml playbooks/basic_firewall_policies.yml
  • 7. Verification  From srx  >show configuration security policies