How Ansible can be used to automate Palo Alto Network firewall configurations

Captions
Hello, I'm Jacob Elzy, CEO of Armature Systems. A crucial part of maintaining any large firewall infrastructure is being able to automate configuration management. At Armature Systems we can use multiple platforms to achieve this; however, today Luis is going to show you how to leverage Ansible to push out configurations to your firewall.

Hi, my name is Luis Torres and I'm a network security engineer at Armature Systems. Today I will be going over how to create an Ansible environment. Then I will show you how to use this Ansible environment to communicate with Palo Alto Networks firewalls and configure them. Let's begin.

Here I'm demonstrating the file tree, or the directory structure, that needs to be created. The Ansible environment contains one playbook, its configuration file, its hosts, its roles, its encrypted variables, and the Python virtual environment. I'm going to be showing you how these are created, starting off with the virtual environment.

The virtual environment requires Python version 3 and its package installer, called pip. A Python virtual environment can be created by executing the following command: virtualenv venv. venv is the parameter and can be any name you pick. It's done. Let's now move on to activating the virtual environment. It's done by typing source venv/bin/activate. You can verify if the virtual environment is activated by the which command.

Now that we're in the virtual environment, we can continue with installing Ansible. Once it's done, we can then configure Ansible. We do this by creating ansible.cfg and creating its defaults, that include its roles path, the virtual Python path, and its inventory file. Save that, and we can continue with installing the Palo Alto Networks Ansible module. This can be done by entering the following command: ansible-galaxy install PaloAltoNetworks.paloaltonetworks.

Once that's done, we can now install the hosts file. Create a category called firewall and add the IPs of the management interface of the Palo Alto firewalls.

Now that we're done with that, we can move on to creating the encrypted variables file, called vars.yml. We enter a password to encrypt the file and now enter our Ansible variables. We save and close. Let's try verifying that the contents are encrypted. Okay.

Now let's take a look at the playbook file. This file contains a name, its hosts, roles, variables, and tasks. The tasks in this playbook will configure administration policies, NAT rules, and administration users on the Palo Alto firewalls. It then checks if the firewall is ready and commits the configuration.

Let's see this in action. Run the following command: ansible-playbook --ask-vault-pass add admins yml. Be patient and let the play finish. The recap provides useful information when running plays.

To review, I explained how to create an Ansible environment, configure the environment, and run plays. Thank you.

These automation playbooks can be combined with ITSM or CMDB tools such as ServiceNow or PagerDuty in order to automatically push firewall configurations on the fly, saving your organization time and money without having to sacrifice security policy. If you'd like to know more, please visit armaturesystems.com.
Info
Channel: Armature Systems
Views: 2,402
Keywords: Ansible, Redhat, PaloAlto Networks, Automation, ServiceNow, PagerDuty, CMDB, Armature Systems, Security, cyber, silicon valley, firewall, configuration, playbook, encrypted variables, virtual environment, python, python virtual environment, professional services, configure ansible, IP, administration policies, automation playbooks, security policy
Id: vsN8LuN_JpY
Length: 3min 48sec (228 seconds)
Published: Fri Feb 14 2020