Firewall-Configuration-Server for an international Trading-Concern

In the course of a new IP-concept the stores of an international Trading-Concern are equiped with new firewalls. To be able to cope with the sheer amount of new configurations, I wrote a Server that generates the right data for each location.

Application Area

The server is only internally for the concern available and will be used in three different settings:

  1. Initially all new firewalls are set up with the generated configuration and then shipped to the location.
  2. In case of failure an engineer can generate the configuration for the replacement device.
  3. If changes of the configurations are necessary, this is the central place where the changes are incorporated.


The server provides several interfaces with which configuration-files and metadata can be obtained:

  • The website of a store-location with configurations and additional informations like opening hours and address.
  • The download of many different configurations as ZIP-archive, whereat the input is done by uploading a simple CSV-file.
  • A HTTP-GET API with which configurations and metadata can be obtained directly.
  • A maintenance/debugging user interface, that makes an SNMP-Request via AJAX and JavaScript and displays the result in a filterable fashion.

The right Tools

The Server is written in Python. As web-framework I used the lightweight Flask. The required data is picked up from several sources: DNS, LDAP, SNMP, a HTTP-PUSH-based system—through that data is received as XML, validated with XSD and updated—as well as further locally availale files.


The server-configuration is made by me, too. The Apache2 webserver serves the page using mod_wsgi, mod_authz_ldap and mod_ssl. Access is limited via LDAP-Groups and always encrypted with HTTPS.


the design is limited to the essentials and explains the available possibilities.

Screenshot of the servers homepage

Thursday, February 27, 2014 3:22:48 PM Europe/Berlin