
validated ansible steps working correctly, verified idp tools
RobWC committed Mar 25, 2015
1 parent ff767b1 commit 47d69c0
Showing 4 changed files with 10 additions and 9 deletions.
12 changes: 6 additions & 6 deletions ansible/playbooks/appfw_policies.yml
Expand Up @@ -7,20 +7,20 @@
junos_user: "root"
junos_password: "Juniper"
build_dir: "/tmp/"
appfw_to_policy_info: [{"src_zone":"trust","dst_zone":"untrust","policy_name":"door","appfw_rule_set":"ruleset1"}] #determine policy name
appfw_policy_info: [{"rule_set":"ruleset1","rule_set_default_action":"permit","rules":{"name":"rule1","dynapps":["junos:GOOGLE", "junos:GOOGLE-ACCOUNTS", "junos:GOOGLE-ACCOUNTS-SSL","junos:GOOGLE-ADS", "junos:GOOGLE-ANALYTICS-TRACKING", "junos:GOOGLE-APPENGINE", "junos:GOOGLE-CACHE", "junos:GOOGLE-DESKTOP", "junos:GOOGLE-DOCS", "junos:GOOGLE-DOCS-DRAWING", "junos:GOOGLE-DOCS-FORM", "junos:GOOGLE-DOCS-PRESENTATION", "junos:GOOGLE-DOCS-SPREADSHEET", "junos:GOOGLE-DOCS-WORD-DOCUMENT", "junos:GOOGLE-DRIVE", "junos:GOOGLE-EARTH", "junos:GOOGLE-GROUPS-POST", "junos:GOOGLE-MAPS", "junos:GOOGLE-MOBILE-MAPS-APP", "junos:GOOGLE-PICASA", "junos:GOOGLE-PLUS", "junos:GOOGLE-PLUS-SSL", "junos:GOOGLE-SAFEBROWSE-SUB", "junos:GOOGLE-SAFEBROWSE-UPDATE", "junos:GOOGLE-SKYMAP", "junos:GOOGLE-STATIC", "junos:GOOGLE-SYNDICATION", "junos:GOOGLE-TOOLBAR", "junos:GOOGLE-TRANSLATE", "junos:GOOGLE-UPDATE", "junos:GOOGLE-VIDEOS", "junos:GOOGLE-WEBCHAT", "junos:GOOGLETALK"]}}]
appfw_to_policy_info: [{"src_zone":"trust","dst_zone":"untrust","policy_name":"Allow_Policy","appfw_rule_set":"ruleset1"}]
appfw_policy_info: [{"rule_set":"ruleset1","rule_set_default_action":"permit","rules":[{"name":"rule1","action":"deny","dynapps":["junos:GOOGLE", "junos:GOOGLE-ACCOUNTS", "junos:GOOGLE-ACCOUNTS-SSL","junos:GOOGLE-ADS", "junos:GOOGLE-ANALYTICS-TRACKING", "junos:GOOGLE-APPENGINE", "junos:GOOGLE-CACHE", "junos:GOOGLE-DESKTOP", "junos:GOOGLE-DOCS", "junos:GOOGLE-DOCS-DRAWING", "junos:GOOGLE-DOCS-FORM", "junos:GOOGLE-DOCS-PRESENTATION", "junos:GOOGLE-DOCS-SPREADSHEET", "junos:GOOGLE-DOCS-WORD-DOCUMENT", "junos:GOOGLE-DRIVE", "junos:GOOGLE-EARTH", "junos:GOOGLE-GROUPS-POST", "junos:GOOGLE-MAPS", "junos:GOOGLE-MOBILE-MAPS-APP", "junos:GOOGLE-PICASA", "junos:GOOGLE-PLUS", "junos:GOOGLE-PLUS-SSL", "junos:GOOGLE-SAFEBROWSE-SUB", "junos:GOOGLE-SAFEBROWSE-UPDATE", "junos:GOOGLE-SKYMAP", "junos:GOOGLE-STATIC", "junos:GOOGLE-SYNDICATION", "junos:GOOGLE-TOOLBAR", "junos:GOOGLE-TRANSLATE", "junos:GOOGLE-UPDATE", "junos:GOOGLE-VIDEOS", "junos:GOOGLE-WEBCHAT", "junos:GOOGLETALK"]}]}]

tasks:
- name: Build app firewall policies
template: src=templates/appfw_policy.set.js dest={{build_dir}}/appfw_policy.set
template: src=templates/appfw_policy.set.j2 dest={{build_dir}}/appfw_policy.set
with_items: appfw_policy_info

- name: Apply address book entries
- name: Apply app firewall policies
junos_install_config: host={{ inventory_hostname }} user={{ junos_user }} passwd={{ junos_password }} file={{ build_dir }}/appfw_policy.set overwrite=no logfile=logs/{{ inventory_hostname }}.log

- name: Apply app firewall rules to policy
template: src=templates/appfw_to_policy.set.js dest={{build_dir}}/appfw_to_policy.set
with_items: appfw_policy_info
template: src=templates/appfw_to_policy.set.j2 dest={{build_dir}}/appfw_to_policy.set
with_items: appfw_to_policy_info

- name: Apply firewall policies
junos_install_config: host={{ inventory_hostname }} user={{ junos_user }} passwd={{ junos_password }} file={{ build_dir }}/appfw_to_policy.set overwrite=no logfile=logs/{{ inventory_hostname }}.log
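Review bot: The new `with_items: appfw_to_policy_info` on the "Apply app firewall rules to policy" task looks redundant with the template it renders, which opens with `{% for item in appfw_to_policy_info %}` and already emits every entry; each loop iteration re-renders the full list into the same `{{build_dir}}/appfw_to_policy.set`, so the task runs once per entry for an identical result and the loop's `item` is shadowed inside the template. Either drop the `with_items` or have the template render only the current `item`; the "Build app firewall policies" task has the same shape if its template also loops over the whole variable (that template's opening lines are outside the hunk shown). Newer Ansible releases also reject a bare variable name in `with_items`, so `with_items: "{{ appfw_to_policy_info }}"` is the durable form. The two policy variables are single-line flow mappings several hundred characters wide; block-style YAML would make future diffs of the dynamic-application list reviewable. Separately, the play keeps the device root password as a plain string under `vars` (context lines above the change), which belongs in ansible-vault or a lookup rather than in the repository.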
4 changes: 2 additions & 2 deletions ansible/playbooks/basic_firewall_policies.yml
Expand Up @@ -12,11 +12,11 @@

tasks:
- name: Build address book entries
template: src=templates/fw_address_book.set.j2 dest={{build_dir}}/fw_address_book.set
template: src=templates/fw_address_book_global.set.j2 dest={{build_dir}}/fw_address_book_global.set
with_items: address_entries

- name: Apply address book entries
junos_install_config: host={{ inventory_hostname }} user={{ junos_user }} passwd={{ junos_password }} file={{ build_dir }}/fw_address_book.set overwrite=no logfile=logs/{{ inventory_hostname }}.log
junos_install_config: host={{ inventory_hostname }} user={{ junos_user }} passwd={{ junos_password }} file={{ build_dir }}/fw_address_book_global.set overwrite=no logfile=logs/{{ inventory_hostname }}.log


- name: Build firewall policies config template
1 change: 1 addition & 0 deletions ansible/playbooks/templates/appfw_policy.set.j2
Expand Up @@ -3,6 +3,7 @@
{% for app in i.dynapps %}
set security application-firewall rule-sets {{ item.rule_set }} rule {{ i.name }} match dynamic-application {{ app }}
{% endfor %}
set security application-firewall rule-sets {{ item.rule_set }} rule {{ i.name }} then {{ i.action }}
{% endfor %}
set security application-firewall rule-sets {{ item.rule_set }} default-rule {{ item.rule_set_default_action }}
{% endfor %}
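Review bot: The added `then {{ i.action }}` line has no fallback when a rule entry omits `action`: Ansible's template module raises on the undefined attribute, and a renderer configured to tolerate undefineds would emit `... rule rule1 then` with no verdict, which the device rejects at commit. Consider `then {{ i.action | default('deny') }}` so a missing key fails closed, or validate `action` against the verdicts the device accepts before rendering. Both the `for` over `item.rules` and the outer loop that the final `{% endfor %}` closes open above this hunk, so the binding of `i` is inferred from the variable shape in appfw_policies.yml rather than seen here.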
@@ -1,3 +1,3 @@
{% for item in appfw_to_policy_info %}
set security policies from-zone {{ item.src_zone }} to-zone {{ item.dst_zone }} policy {{ item.policy_name }} then permit application-services application-firewall rule-set {{ item.appfw_rule_set }
set security policies from-zone {{ item.src_zone }} to-zone {{ item.dst_zone }} policy {{ item.policy_name }} then permit application-services application-firewall rule-set {{ item.appfw_rule_set }}
{% endfor %}
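Review bot: This section's file header is missing from the page; from the playbook task that renders it, the file appears to be templates/appfw_to_policy.set.j2. The corrected line only attaches the rule set via `then permit application-services application-firewall rule-set`, with no `match` clause, so it presumes `{{ item.policy_name }}` already exists with source-address, destination-address and application criteria (presumably created by basic_firewall_policies.yml); if that policy is not yet present the commit fails, since those match terms are mandatory. A one-line comment at the top of the template stating that dependency, e.g. `{# assumes the named policy already exists with match criteria; see basic_firewall_policies.yml #}`, would document the ordering assumption for whoever reorders the plays.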
