SRX - Using go-junos to quickly build and deploy IPsec VPN's

IPsec VPN's are a very efficient and secure way to establish connectivity between remote sites. If you have multiple locations, building the configurations can be a bit cumbersome and take a bit of time. I'll show you an example of how using the go-junos API library can make this a very easy task. Building Our VPN You will need to create a configuration on both ends, but for this example, let's assume that you only manage the headend SRX, and the remote site is a vendor's firewall. Connect to the…

Keep reading

SRX - How to convert zone-based address books to a global one

Zone-based vs Global When dealing with address objects on an SRX running older versions of Junos, they typically would employ a zone-based address-book for it's configuration. When using a zone-based address-book, the address objects referenced in the security policies are created per zone, which means that every zone will have an address-book configuration, and could potentially have duplicate objects. Newer Junos versions use a global address-book configuration. The global address-book reduces complexity in your configuration by managing all address objects in one spot, and if you need to reference the…

Keep reading

NXTWORK 2015: The Recap

A couple of weeks ago I attended the inaugural customer summit that Juniper Networks put on called NXTWORK. I was excited to see that Juniper finally put on something like this here in the 'states, and it was well worth the wait! Being part of their Ambassador program, I got to travel to their Sunnyvale HQ each year with the rest of the Ambassadors. This is awesome in itself, as we get a lot of private sessions with many different PLM's and people from all aspects of Juniper. But this…

Keep reading

Go BIG(-IP) or Go Home

I really love leveraging API's to get more out of some of the tasks that I do, and to interact with a lot of the systems that I work on. One of my favorites is the F5 LTM load-balancer. It's quite the platform, and if any of you have ever worked with/on one...I'm sure you can relate. Newer in version 11.4+, is the ability to manage your F5 using a REST API. This is a framework that sits atop of tmsh. Using this API makes it extremely…

Keep reading

go-junos & Windows Azure IPs

In a previous blog post, I gave an example of how I use the go-junos library to help automate creating and modifying address objects and variables in Junos Space. Here's another good, time saving example of creating multiple address groups to be used within a policy. Background: Windows Azure We have multiple development teams here that need to publish their work/apps to the Azure cloud. Without totally circumventing the firewall and allowing full access out, it was a bit of a challenge to allow them to publish to a…

Keep reading