https://www.youtube.com/watch?v=3wz4W2HwKWA&list=PLQRnLiucG_JVHWrBoWLbbUmzzm2fBpvcN

1. SRX Automation 3:
Configuring NAT

2. Automate NAT config
 Develop a srx NAT config file
 Separate the Variables and Command
 Create a YAML file to store the variable (Playbook)
 Create a Jinja2 template to execute the command
line (template)
 Use “junos_install_config” from the Ansible module to
update SRX configuration.

3. Example:
Create SRX address
book
 CLI for create address book:
 #set security address-book global address LocalNet 172.16.0.0/24
 #set security address-book global address PrivateNet
192.168.10.0/24
 #set security address-book global address PublicNet 10.10.0.0/22
 Hence, we have separate the CLI into
 Variables:
 name: LocalNet, prefix: 172.16.0.0/24
 name: PrivateNet, prefix: 192.168.10.0/24
 name: PublicNet, prefix: 10.10.0.0/22
 Actions:
 Set security address-book global address {name} {prefix}

4. Example:
Create SRX address
book
 Variable are defined in the playbook (basic_nat_policies.yml)
vars: junos_user: "root"
junos_password: "Juniper"
build_dir: "/tmp/"
address_entries: [
{'name':'LocalNet','prefix':'172.16.0.0/24'},
{'name':'PrivateNet','prefix':'192.168.10.0/24'},
{'name':'PublicNet','prefix':'10.10.0.0/22'} ]

5. Example:
Create SRX address
book
 To update SRX, 2 tasks are defined in playbook
 1, build a configuration file in /tmp directory
 2, update srx config with junos_update_config

6. Example 2:
Create Src Nat Config
 Sample Source Nat Configuration

7. Example 2:
Create Src Nat Config
 Define variable nat_policy_info:
 nat_policy_info: [{'rule_set':'fw-nat’, 'src_zone':'trust',
'dst_zone':'untrust',
'rules':[{'name':'rule1','src_ips':['172.16.0.0/24'],'dst_ips':[
'0.0.0.0/0'], 'interface':True}]}]

8. Example 2:
Create Src Nat Config
 Define jinja2 template (nat_src_policy.set.j2):

9. Example 2:
Create Src Nat Config
 Define 2 tasks (basic_nat_policies.yml)
 Build a temporary config file in /tmp
 Update the SRX config file.