Firewall Configuration Server for an International Trading Group
As part of a new IP concept, the stores of an international trading group are being equipped with new firewalls. To cope with the sheer number of new configurations, I wrote a server that generates the right data for each location.
Application Area
The server is available only internally within the group and is used in three different settings:
- Initially, all new firewalls are set up with the generated configuration and then shipped to their location.
- In case of failure, an engineer can generate the configuration for the replacement device.
- If changes to the configurations are necessary, this is the central place where they are incorporated.
Interfaces
The server provides several interfaces through which configuration files and metadata can be obtained:
- A web page for each store location with its configurations and additional information such as opening hours and address.
- The download of many different configurations as a ZIP archive, where the input is provided by uploading a simple CSV file.
- An HTTP GET API through which configurations and metadata can be obtained directly.
- A maintenance/debugging user interface that makes an SNMP request via AJAX and JavaScript and displays the result in a filterable fashion.
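As an added illustration of the CSV-to-ZIP interface (not the project's own code), the example below validates every uploaded row before a field becomes an archive file name or part of a configuration. The column names, the template and the sample rows are assumptions constructed for this example.

```python
import csv
import io
import re
import zipfile
from string import Template

# Hypothetical template; the real firewall configuration format is not shown on the page.
CONFIG_TEMPLATE = Template("hostname fw-$store_id\ninterface lan address $lan_net\n")
STORE_ID_RE = re.compile(r"[A-Za-z0-9]{1,16}")              # safe as a file name
LAN_NET_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}/\d{1,2}")   # coarse shape check only

# Constructed sample upload: valid rows, a path-like id, a duplicate, trailing junk.
SAMPLE_CSV = (
    "store_id,lan_net\n"
    "DE0421,10.42.1.0/24\n"
    "../DE0421,10.42.2.0/24\n"
    "AT0007,10.7.0.0/24\n"
    "AT0007,10.7.1.0/24\n"
    "CH0100,10.100.0.0/24 extra\n"
)


def build_archive(csv_text):
    """Return (zip_bytes, rejected) for a CSV with the columns store_id,lan_net."""
    rejected, seen, buf = [], set(), io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        reader = csv.DictReader(io.StringIO(csv_text))
        for rowno, row in enumerate(reader, start=2):  # the header is row 1
            store_id = (row.get("store_id") or "").strip()
            lan_net = (row.get("lan_net") or "").strip()
            # fullmatch() rejects path separators, "..", spaces and embedded newlines.
            if not STORE_ID_RE.fullmatch(store_id) or not LAN_NET_RE.fullmatch(lan_net):
                rejected.append((rowno, "invalid field"))
                continue
            if store_id in seen:  # a second row must not silently overwrite the first
                rejected.append((rowno, "duplicate store_id"))
                continue
            seen.add(store_id)
            zf.writestr(f"{store_id}.conf",
                        CONFIG_TEMPLATE.substitute(store_id=store_id, lan_net=lan_net))
    return buf.getvalue(), rejected
```

Returning the rejected rows with their row numbers lets the upload page report exactly which entries were skipped instead of producing an incomplete archive without notice.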
The Right Tools
The server is written in Python. As the web framework I used the lightweight Flask. The required data is gathered from several sources: DNS, LDAP, SNMP, an HTTP-push-based system (through which data is received as XML, validated with XSD and updated), and further locally available files.
Administration
I also did the server configuration myself. The Apache2 web server serves the site using mod_wsgi, mod_authz_ldap and mod_ssl. Access is restricted via LDAP groups and is always encrypted with HTTPS.
Screenshot
The design is limited to the essentials and explains the available options.