Wednesday, June 26, 2019

Firewall CLI manager (ACL)

Hi,

For more than a year I have been developing an application to manage firewall ACLs from the CLI.

I would like to share my project here because I think it can help many network admins.

PHP-CLI Shell Firewall

Features:

- CLI with autocompletion (TAB, ?, CTRL+R, ...)

- PHPIPAM integration

Can be disabled; it is possible to import, refresh or search objects from PHPIPAM.

- Wizard and demo

A wizard to create the configuration and launcher, and a demo to try the application.

- Multi-vendor (Cisco, Juniper)

There is a template engine, so it is possible to create other templates; there is also an HTML grid template based on AG-Grid.

- Multi-location (site/datacenter)

One config file can contain more than one site.

- Multi-environment

It is possible to create many launchers, one per environment.

- Rules: monosite, failover and fullmesh

ACL monosite:

  • basic ACL: source(s), destination(s), no automation. For this ACL category the fullmesh option cannot be enabled!

ACL failover:

  • without the fullmesh option: failover ACL(s) are generated automatically for all failover sites, inbound or outbound.
  • with the fullmesh option: as above, but the source and destination of the ACL are isolated per zone before the automation runs.
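To make the three rule categories concrete, here is an added example (my own code, not the project's) that models the expansion described above under an assumed rule model: a rule is monosite or failover, every object carries the zone that the config topology resolved it to, a failover rule is replicated to every site in its failover group, and fullmesh splits the sources and destinations per zone so that one ACL is emitted per (source zone, destination zone) pair. The object names, sites and zones are constructed sample data.

```python
"""Constructed model of monosite / failover / fullmesh ACL expansion.

Assumptions (not taken from the original post): a "site" is a datacenter,
each object already carries the zone resolved from the topology, and a
failover rule must exist on the home site and on every failover site.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Obj:
    name: str   # host or subnet object name
    zone: str   # firewall zone/interface resolved from the config topology


@dataclass(frozen=True)
class Acl:
    site: str
    direction: str        # "inbound" or "outbound"
    src_zone: str         # "any" when the rule is not split per zone
    dst_zone: str
    sources: tuple
    destinations: tuple


def _by_zone(objs):
    """Group objects by zone, preserving the order in which zones appear."""
    groups = defaultdict(list)
    for o in objs:
        groups[o.zone].append(o)
    return groups


def expand_rule(category, direction, sources, destinations,
                home_site, failover_sites=(), fullmesh=False):
    """Return the list of concrete ACLs a single rule expands to.

    monosite            -> exactly one ACL on the home site (fullmesh refused)
    failover            -> one ACL per site (home + failover sites)
    failover + fullmesh -> per site, one ACL per (src zone, dst zone) pair
    """
    if category == "monosite":
        if fullmesh:
            raise ValueError("fullmesh cannot be enabled on a monosite ACL")
        return [Acl(home_site, direction, "any", "any",
                    tuple(sources), tuple(destinations))]
    if category != "failover":
        raise ValueError(f"unknown rule category: {category}")

    sites = [home_site, *failover_sites]
    acls = []
    if not fullmesh:
        # Plain failover: the same ACL is replicated to every site.
        for site in sites:
            acls.append(Acl(site, direction, "any", "any",
                            tuple(sources), tuple(destinations)))
        return acls

    # Fullmesh: isolate sources and destinations per zone, then mesh them.
    src_groups = _by_zone(sources)
    dst_groups = _by_zone(destinations)
    for site in sites:
        for sz, srcs in src_groups.items():
            for dz, dsts in dst_groups.items():
                acls.append(Acl(site, direction, sz, dz,
                                tuple(srcs), tuple(dsts)))
    return acls


# Constructed sample rule: two DMZ web servers and one app server
# talking to a database, on a Paris/Lyon failover pair.
SOURCES = (Obj("web-1", "dmz"), Obj("web-2", "dmz"), Obj("app-1", "app"))
DESTINATIONS = (Obj("db-1", "db"),)


def demo():
    plain = expand_rule("failover", "inbound", SOURCES, DESTINATIONS,
                        "paris", failover_sites=("lyon",))
    meshed = expand_rule("failover", "inbound", SOURCES, DESTINATIONS,
                         "paris", failover_sites=("lyon",), fullmesh=True)
    return plain, meshed


if __name__ == "__main__":
    plain, meshed = demo()
    for acl in plain + meshed:
        print(acl.site, acl.direction, f"{acl.src_zone}->{acl.dst_zone}",
              [o.name for o in acl.sources], [o.name for o in acl.destinations])
```

With the sample data, plain failover yields two ACLs (one per site) and fullmesh yields four (two source zones times one destination zone, on each of the two sites); asking for fullmesh on a monosite rule is rejected, matching the restriction stated for that category.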

- import/export

It is possible to import a backup (with or without a prefix), for example for VPN rules kept in dedicated files.

- backup in JSON and CSV (compatible with GIT)

JSON for machines and CSV for humans; both are text files, so they can be committed to Git.

- SCP to publish configuration without commit

Compatible with a bastion host; the network admin then has to commit the configuration from the firewall's local flash storage.

Use environment credentials to secure it ;-)

- config topology to detect the right zone/interface

- dual-stack (IPv4 and IPv6)

- rule description and tag

- rename, clone rules

- locate and filter objects (host, subnet, network, rule, flow)

- ...

We use this application to manage many Cisco ASA firewalls and Juniper SRX.

ToDo:

- Add a namespace so the application can be published on Composer

- More firewall templates, such as Checkpoint and others

- Manage firewall NAT/PAT

- Other IPAM add-ons, such as NetBox

- Other DCIM add-ons, such as NetBox

- Translate into English and French

- ???

This application is also compatible with the DCIM PatchManager.

I will create a Discord, Slack or Gitter channel for my project, for support or to talk about it.

What do you think of my project?

Sorry for my bad English ;-)

@+
