2. Automate NAT config
Develop an SRX NAT config file
Separate the variables and commands
Create a YAML file to store the variables (playbook)
Create a Jinja2 template to execute the command line (template)
Use “junos_install_config” from the Ansible module to update the SRX configuration.
3. Example: Create SRX address book
CLI to create the address book:
#set security address-book global address LocalNet 172.16.0.0/24
#set security address-book global address PrivateNet 192.168.10.0/24
#set security address-book global address PublicNet 10.10.0.0/22
Hence, we have separated the CLI into
Variables:
name: LocalNet, prefix: 172.16.0.0/24
name: PrivateNet, prefix: 192.168.10.0/24
name: PublicNet, prefix: 10.10.0.0/22
Actions:
set security address-book global address {name} {prefix}
4. Example: Create SRX address book
Variables are defined in the playbook (basic_nat_policies.yml)
vars:
  junos_user: "root"
  # plain-text lab credential; keep real credentials in Ansible Vault
  junos_password: "Juniper"
  build_dir: "/tmp/"
  address_entries: [
    {'name':'LocalNet','prefix':'172.16.0.0/24'},
    {'name':'PrivateNet','prefix':'192.168.10.0/24'},
    {'name':'PublicNet','prefix':'10.10.0.0/22'} ]
5. Example: Create SRX address book
To update the SRX, 2 tasks are defined in the playbook:
1. Build a configuration file in the /tmp directory
2. Update the SRX config with junos_update_config
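The build step (task 1) as an added example, not code from the original slides: plain Python stands in for the Jinja2 template and turns address_entries into the set lines, validating each entry first so a malformed value cannot add an extra line to the generated config. The function name render_address_book and the name allow-list are assumptions made for this sketch.

```python
import ipaddress
import re

# Conservative allow-list for address names (an assumption for this sketch,
# not the Junos grammar).
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,62}")

# Same data as address_entries in basic_nat_policies.yml.
ADDRESS_ENTRIES = [
    {"name": "LocalNet", "prefix": "172.16.0.0/24"},
    {"name": "PrivateNet", "prefix": "192.168.10.0/24"},
    {"name": "PublicNet", "prefix": "10.10.0.0/22"},
]


def render_address_book(entries):
    """Return one 'set' line per entry, rejecting anything that is not a
    plain name plus a valid network prefix."""
    lines, seen = [], set()
    for entry in entries:
        name, prefix = str(entry["name"]), str(entry["prefix"])
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"bad address name: {name!r}")
        if name in seen:
            raise ValueError(f"duplicate address name: {name!r}")
        seen.add(name)
        # strict=True rejects prefixes with host bits set (172.16.0.5/24);
        # whitespace or trailing text fails parsing, so a value cannot
        # carry a second config line.
        net = ipaddress.ip_network(prefix, strict=True)
        lines.append(f"set security address-book global address {name} {net}")
    return lines


if __name__ == "__main__":
    # Prints the same three commands as the CLI slide.
    print("\n".join(render_address_book(ADDRESS_ENTRIES)))
```
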