Firewall-Configuration-Server for an international Trading-Concern
In the course of a new IP-concept the stores of an international Trading-Concern are equiped with new firewalls. To be able to cope with the sheer amount of new configurations, I wrote a Server that generates the right data for each location.
The server is only internally for the concern available and will be used in three different settings:
- Initially all new firewalls are set up with the generated configuration and then shipped to the location.
- In case of failure an engineer can generate the configuration for the replacement device.
- If changes of the configurations are necessary, this is the central place where the changes are incorporated.
The server provides several interfaces with which configuration-files and metadata can be obtained:
- The website of a store-location with configurations and additional informations like opening hours and address.
- The download of many different configurations as ZIP-archive, whereat the input is done by uploading a simple CSV-file.
- A HTTP-GET API with which configurations and metadata can be obtained directly.
The right Tools
The Server is written in Python. As web-framework I used the lightweight Flask. The required data is picked up from several sources: DNS, LDAP, SNMP, a HTTP-PUSH-based system—through that data is received as XML, validated with XSD and updated—as well as further locally availale files.
The server-configuration is made by me, too. The Apache2 webserver serves the page using mod_wsgi, mod_authz_ldap and mod_ssl. Access is limited via LDAP-Groups and always encrypted with HTTPS.
the design is limited to the essentials and explains the available possibilities.