Hello Experts, I am a network engineer and not an expert in programming. I would like to write a Python script to convert a Juniper NetScreen firewall configuration into a Juniper SRX firewall configuration. A sample is below. I would appreciate it if anybody could give me the high-level steps to start with.
Juniper Netscreen
--------------------
set interface ethernet0/0 ip 194.1.1.1/24
set interface ethernet0/0 route
set interface "ethernet0/0" zone "Untrust"
set interface ethernet2/5 ip 10.17.10.1/24
set interface ethernet2/5 route
set interface "ethernet2/5" zone "Mail DMZ"
set interface "ethernet0/0" mip 194.1.1.10 host 10.17.10.10 netmask 255.255.255.255 vr "trust-vr"
set interface "ethernet0/0" mip 194.1.1.20 host 10.17.10.20 netmask 255.255.255.255 vr "trust-vr"
set address "Mail DMZ" "mx1.union.com" 10.17.10.10 255.255.255.255
set address "Mail DMZ" "mx2.union.com" 10.17.10.20 255.255.255.255
set policy id 100 name "CR4444567" from "Untrust" to "DMZ" "Any" "MIP(194.1.1.10)" "SMTP" permit log
set policy id 100
set dst-address "MIP(194.1.1.20)"
set log session-init
exit

Juniper SRX
----------
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 194.1.1.1/24;
            }
        }
    }
    ge-2/0/5 {
        unit 0 {
            family inet {
                address 10.17.10.1/24;
            }
        }
    }
}
security {
    nat {
        static {
            rule-set static-nat-"Untrust" {
                from zone "Untrust";
                rule rule-1 {
                    match {
                        destination-address 194.1.1.10/32;
                    }
                    then {
                        static-nat prefix 10.17.10.10/32;
                    }
                }
                rule rule-2 {
                    match {
                        destination-address 194.1.1.20/32;
                    }
                    then {
                        static-nat prefix 10.17.10.20/32;
                    }
                }
            }
        }
        proxy-arp {
            interface ge-0/0/0.0 {
                address {
                    194.1.1.10/32;
                    194.1.1.20/32;
                }
            }
        }
    }
    zones {
        security-zone Untrust {
            interfaces {
                ge-0/0/0.0;
            }
        }
        security-zone DMZ {
            address-book {
                address mx1.union.com 10.17.10.10/32;
                address mx2.union.com 10.17.10.20/32;
            }
            interfaces {
                ge-2/0/5.0;
            }
        }
    }
    policies {
        from-zone Untrust to-zone DMZ {
            /* "CR4444567" */
            policy 100 {
                match {
                    source-address any;
                    destination-address [ mx1.union.com mx2.union.com ];
                    application junos-smtp;
                }
                then {
                    permit;
                    log {
                        session-init;
                    }
                }
            }
        }
    }
}

--
https://mail.python.org/mailman/listinfo/python-list