nautobot / nautobot-app-firewall-models

Model Firewall policies in Nautobot
https://docs.nautobot.com/projects/firewall-models/en/latest/

Ability to model virtual contexts #231

Open u1735067 opened 6 months ago

u1735067 commented 6 months ago

Proposed Functionality

Support firewall virtual contexts (for policies, zones, ...)

Use Case

Some firewalls support virtual contexts (i.e. virtual firewalls that behave like a standalone firewall); some examples are:

One way (maybe wrong?) to model them is to create the physical devices as Devices, put them in a Virtualization cluster, and create a Virtual machine for each virtual context (vsys, vdom, ...), which would be the best representation as they're not actual Devices (not in a physical DC). However in that case this plugin is not usable as only Devices and Device Interfaces are selectable (verified in v2.0.3 on https://next.demo.nautobot.com/).

What would be the best approach to support/model this and be able to use this plugin?

I did a POC (patch attached: nautobot-app-firewall-models_ltm-1.6_vminterfaces.diff.txt) modifying this plugin to allow selection of VM Interfaces, based on the ltm-1.6 branch. It works for simple needs (not all features are implemented, however), but it might not be the direction you would take? If it is, however, would you accept a patch for the v2 branch?

On a side note for Nautobot in general, some load balancers may suffer from the same limitations. For example, Radware Alteon can be standalone, virtual (VA), or in VX (~hypervisor)/vADC (virtual context) mode, and clusters can be formed at the physical and/or virtual level (between vADCs, themselves on (a cluster of) VX), the latter being hard to model as this notion of cluster/redundancy between VMs is not supported natively. Cluster/redundancy can also be formed at the VIP level but that's another story ...

Edit, some captures of the POC result:

u1735067 commented 4 months ago

Hi, have you been able to discuss this? Do you need more inputs? Best,