This repository contains details on automating a network using Ansible and Nornir (a Python library).
In my lab there is a Cisco router, a Juniper router, a FortiGate firewall, and two Arista switches. I deliberately built a multi-vendor environment because one company may run a Cisco-heavy stack while another prefers Juniper, and so on.
I interact with Git and push changes to this repository from the ControlNode via the NAT node, which gives the ControlNode its internet connectivity.
Main dashboard of the GUI:
Firewall interfaces:
In our case, the service has to be set to 'ALL'. Ansible does not log into Juniper devices over SSH on port 22; it uses NETCONF, which listens on port 830. This FortiGate firewall cannot specify port 830/NETCONF as a service, so the policy must allow all services.
Details of the source and destination parameters:
Just enabling this rule will not allow our control node to remotely access our network devices. For that, we have to enable OSPF on the FortiGate firewall, to learn and share routes with the whole network.
Output showing that the Cisco router learned the route to 192.168.125.0/24 via OSPF:
Output showing that the control node can ping our Cisco router:
Output showing that the control node CANNOT ping PC5 (by design): the control node only needs to SSH into the network devices, not the end hosts:
All of this shows that the firewall is not preventing our control node from reaching our network devices, so for this lab it serves its purpose. I am well aware that a real production network would require far more stringent controls.
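The reachability checks above (SSH on port 22 for the Cisco and Arista devices, NETCONF on port 830 for Juniper) can be scripted from the control node as a pre-flight step before any playbook runs. The script below is an added example and not code from this repository: it probes each device's expected management port and reports which ones the firewall is actually letting through. Device names and addresses are constructed placeholders, and the `probe` parameter exists so the check can be exercised offline.

```python
"""Pre-flight reachability check for an Ansible/Nornir control node.

Added example, not part of the lab repository. Confirms that the
FortiGate policy really allows the control node to reach each device's
management port: Juniper uses NETCONF over TCP/830, Cisco IOS and
Arista EOS use SSH over TCP/22. Names and addresses are placeholders.
"""
import socket
from typing import Callable, Dict, List, Tuple

# Management port Ansible/Nornir will use for each platform.
# Juniper's NETCONF port (830) is the reason the firewall policy in the
# lab had to allow service ALL rather than just SSH.
MANAGEMENT_PORT: Dict[str, int] = {
    "junos": 830,
    "ios": 22,
    "eos": 22,
}

# Constructed inventory; the addresses are placeholders, not lab values.
INVENTORY: List[Dict[str, str]] = [
    {"name": "cisco-r1", "platform": "ios", "host": "192.0.2.1"},
    {"name": "juniper-r1", "platform": "junos", "host": "192.0.2.2"},
    {"name": "arista-sw1", "platform": "eos", "host": "192.0.2.3"},
]


def management_port(platform: str) -> int:
    """Return the TCP port the automation tooling connects to for a platform."""
    try:
        return MANAGEMENT_PORT[platform]
    except KeyError:
        raise ValueError(f"unknown platform {platform!r}") from None


def tcp_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP connection to host:port completes within timeout.

    Any socket error (refused, timed out, unreachable) is reported as
    False; a firewall that silently drops packets shows up as a timeout.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_inventory(
    inventory: List[Dict[str, str]],
    probe: Callable[[str, int], bool] = tcp_open,
) -> Dict[str, Tuple[int, bool]]:
    """Map each device name to (port probed, reachable?).

    `probe` defaults to a real TCP connect; a fake can be injected to
    test the logic without a network.
    """
    results: Dict[str, Tuple[int, bool]] = {}
    for device in inventory:
        port = management_port(device["platform"])
        results[device["name"]] = (port, probe(device["host"], port))
    return results


def blocked_devices(results: Dict[str, Tuple[int, bool]]) -> List[str]:
    """Names of devices whose management port did not answer."""
    return sorted(name for name, (_, ok) in results.items() if not ok)


if __name__ == "__main__":
    outcome = check_inventory(INVENTORY)
    for name, (port, ok) in outcome.items():
        print(f"{name:12} tcp/{port:<4} {'reachable' if ok else 'BLOCKED'}")
    if blocked_devices(outcome):
        raise SystemExit("firewall policy or routing is blocking management access")
```

Running this from the control node after adding the firewall rule and enabling OSPF should show every device reachable; if only the Juniper router shows BLOCKED, the policy is allowing SSH but not port 830, which is exactly the case the 'ALL' service setting addresses.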