Undercloud Management with Ansible Tower - Cisco IOS Router & FortiGate Firewall

This video shows how a network engineer can use Ansible Tower to create a new ACL rule and firewall policy on a Cisco IOS router and a FortiGate firewall. It shows the possibilities of using Ansible to manage the UnderCloud at scale.

All the relevant playbooks can be found at the following link,

Note that the playbooks also have logic for handling multiple subnets, which is not shown in this video.

The actual flow of the video is as follows:

1) The video starts off with the end user trying to access the web page on the web server behind the FortiGate firewall. The end user will not be able to access the web page because the required ACL rule and firewall policy have not yet been added to the network devices.
2) We show the initial state of the FortiGate firewall and the Cisco CSR router (note that the required address and service objects must be present in the FortiGate firewall prior to the actual execution).
3) The network engineer logs into Ansible Tower and checks that the SCM URL points to the correct repository in GitHub. The inventory comprises two groups of equipment, i.e. Cisco and Fortinet, with the corresponding hosts defined for each group.
4) The network engineer keys in the required information in the Survey form. This includes things such as the ACL source/destination IP segments and the services we are looking to unblock.
5) The workflow proceeds with the information keyed in by the engineer. The workflow is as follows:

i) Cisco Configuration Backup
ii) Add new ACL rule to Cisco router
iii) Back up the FortiGate configuration if the previous step completes without problems; otherwise roll back the configuration on the Cisco router.
iv) Add the new firewall policy in the FortiGate if the previous step was executed successfully; otherwise roll back the configuration on the Cisco router.
v) Roll back the Cisco router configuration if we are not able to create the new policy in the FortiGate successfully.

6) The underlying assumption here is that the network engineer needs all the devices to be in the same state for the activity he is performing during the maintenance window. A rollback is performed if there is a failure at any part of the workflow.
7) We show the final state of the FortiGate and the Cisco router at the end of the workflow. We see that all the required configuration has been applied to the network equipment by Ansible.
8) The end user is able to view the web page after that.
9) We show that traffic did pass through the Cisco CSR router as well as the FortiGate firewall (note that a bi-directional rule and policy are assumed in this demo).
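The workflow in steps i) to v) above, written as a single playbook rather than Tower workflow nodes, as an added example that is not one of the video's playbooks. It uses Ansible block/rescue for the rollbacks: a failure on the Cisco side stops the run before anything reaches the FortiGate, and a failure on the FortiGate side (backup or policy creation) sets a fact that a final play on the Cisco group uses to remove the ACL entries it added. The inventory group names `cisco` and `fortinet` are the two groups named in the video; the Survey variable names (`src_subnets`, `dst_subnet`, `dst_port`, `acl_name`, `fgt_policy_id`, `fgt_src_intf`, `fgt_dst_intf`, `fgt_src_obj`, `fgt_dst_obj`, `fgt_service_obj`) are assumptions, as is the `system_config_backup` selector used for the FortiGate backup, which should be checked against the fortinet.fortios collection documentation. The FortiGate address and service objects are referenced by name because the video requires them to exist before the run.

```yaml
---
# Added example (not the video's playbooks). Requires the cisco.ios,
# fortinet.fortios and ansible.utils collections; ansible.utils.ipaddr
# needs the netaddr Python package on the controller. Inventory is assumed
# to set ansible_network_os=cisco.ios.ios with network_cli for the cisco
# group and ansible_network_os=fortinet.fortios.fortios with httpapi for
# the fortinet group.

- name: Steps i-ii - back up the Cisco config, then add the ACL entries
  hosts: cisco
  gather_facts: false
  any_errors_fatal: true   # a failure here aborts the run before the FortiGate play
  tasks:
    - name: Step i - back up running-config to the controller's backup/ directory
      cisco.ios.ios_config:
        backup: true

    - name: Build one permit ACE per source subnet from the Survey input (assumed variable names)
      ansible.builtin.set_fact:
        ace_lines: "{{ ace_lines | default([]) + [ace] }}"
      vars:
        ace: >-
          permit tcp {{ item | ansible.utils.ipaddr('network') }} {{ item | ansible.utils.ipaddr('hostmask') }}
          {{ dst_subnet | ansible.utils.ipaddr('network') }} {{ dst_subnet | ansible.utils.ipaddr('hostmask') }}
          eq {{ dst_port }}
      loop: "{{ src_subnets }}"

    - name: Step ii - add the ACEs, rolling back if the push fails
      block:
        - name: Add the ACEs under the extended ACL
          cisco.ios.ios_config:
            parents: "ip access-list extended {{ acl_name }}"
            lines: "{{ ace_lines }}"
      rescue:
        - name: Roll back by negating the same lines
          cisco.ios.ios_config:
            parents: "ip access-list extended {{ acl_name }}"
            lines: "{{ ace_lines | map('regex_replace', '^', 'no ') | list }}"
        - name: Stop the run after the rollback
          ansible.builtin.fail:
            msg: "ACL change failed on {{ inventory_hostname }}; router rolled back"

- name: Steps iii-iv - back up the FortiGate, then add the firewall policy
  hosts: fortinet
  gather_facts: false
  vars:
    vdom: root
  tasks:
    - name: Back up and add the policy; on any failure flag the host for the Cisco rollback play
      block:
        - name: Step iii - back up the FortiGate configuration (selector name assumed)
          fortinet.fortios.fortios_monitor_fact:
            vdom: "{{ vdom }}"
            selector: system_config_backup
            params:
              scope: global
          register: fgt_backup

        - name: Step iv - create the policy using pre-existing address and service objects
          fortinet.fortios.fortios_firewall_policy:
            vdom: "{{ vdom }}"
            state: present
            firewall_policy:
              policyid: "{{ fgt_policy_id }}"
              name: "undercloud-{{ fgt_policy_id }}"
              srcintf: [{ name: "{{ fgt_src_intf }}" }]
              dstintf: [{ name: "{{ fgt_dst_intf }}" }]
              srcaddr: [{ name: "{{ fgt_src_obj }}" }]
              dstaddr: [{ name: "{{ fgt_dst_obj }}" }]
              service: [{ name: "{{ fgt_service_obj }}" }]
              schedule: always
              action: accept
      rescue:
        - name: Remove the policy in case it was partially created
          fortinet.fortios.fortios_firewall_policy:
            vdom: "{{ vdom }}"
            state: absent
            firewall_policy:
              policyid: "{{ fgt_policy_id }}"
          ignore_errors: true
        - name: Record the failure; the next play reads it from hostvars
          ansible.builtin.set_fact:
            fgt_failed: true

- name: Step v - roll back the Cisco router if the FortiGate side failed
  hosts: cisco
  gather_facts: false
  vars:
    # Collect fgt_failed from every fortinet host; hosts that succeeded leave it undefined
    fgt_failures: "{{ groups['fortinet'] | map('extract', hostvars, 'fgt_failed') | select('defined') | list }}"
  tasks:
    - name: Remove the ACEs added in the first play (ace_lines persists across plays)
      cisco.ios.ios_config:
        parents: "ip access-list extended {{ acl_name }}"
        lines: "{{ ace_lines | map('regex_replace', '^', 'no ') | list }}"
      when: fgt_failures | length > 0

    - name: Mark the run as failed so Tower reports the workflow as unsuccessful
      ansible.builtin.fail:
        msg: "FortiGate policy step failed; router rolled back to its pre-change ACL"
      when: fgt_failures | length > 0
```

The rollback on the Cisco side negates exactly the lines that were pushed rather than restoring the whole backup, so the pre-change state of the rest of the configuration is never touched; the backup taken in step i remains on the controller for manual recovery if the negation itself fails. In a real Tower workflow the same three plays map onto three job-template nodes linked by success and failure edges, with the Survey on the first node supplying the variables.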