Matt Schmitz / June 7, 2017

So maybe you’re like me – you’ve done a bit of everything in the past, but now you’ve specialized in something (like networking). Know what the best part of that is? Using all that knowledge and experience to make things happen. In this case, I’m talking about some of my prior experiences in scripting and automation, paired with some pretty great network APIs.

One thing my current job has never had is a good way to view VPN tunnel status between our firewalls. Our Check Point firewalls don’t really provide a good high-level view, which has unfortunately caused some confusion around whether or not a site-to-site VPN tunnel is currently established. Luckily, over the past year I’ve had the opportunity to install over 20 new Juniper SRX firewalls – mostly made up of SRX 1500 and SRX 345 models. I’ve written a bit before about the JunOS APIs and pyEZ (their Python library), but I’m always really excited at a new use case for network automation.

So recently I decided that it would be great to build a web-based dashboard, which would query all of our SRX firewalls for currently connected VPN tunnels. Approximately 90% of the current tunnels are site-to-site between our own data center locations, with the other 10% being external to customers. My idea was that I would have a simple HTML table, which would show each data center along the top and bottom and whether or not each was connected to each other, kinda like this:

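|            | Location 1 | Location 2 | Location 3 | Location 4 |
|------------|------------|------------|------------|------------|
| Location 1 | N/A        | UP         | UP         | UP         |
| Location 2 | UP         | N/A        | UP         | DOWN!      |
| Location 3 | UP         | UP         | N/A        | UP         |
| Location 4 | UP         | DOWN!      | UP         | N/A        |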

I wasn’t really concerned about making it look fancy – just dynamically updatable by whatever backend mechanism I used. Speaking of which, I had also assumed I would just be writing some simple Python script to pull VPN info from each device, then just write it to an HTML file. I haven’t really done much web stuff with Python in the past, so I set out to learn a bit and figure out what the best approach might be.

I ended up settling on trying out Django to write the frontend web stuff. I had never used it before, but I’ve been interested in trying – and what’s a better time to learn, than when you have something that needs to be accomplished? One thing that really pushed me towards Django for this project was the built-in administration page. This was huge for me, because it meant that I could easily have a way for other people to update the web dashboard. Whenever a new location came online, I wouldn’t have to go update the script directly – anyone on my team could log into the admin page and make the changes.

In this post I just wanted to get through what my ideas were behind this project. In the next few weeks, I’ll begin explaining how I built the dashboard using Django and used pyEZ to scrape VPN status from each firewall. Thoughts? Drop a comment below!



About Matt Schmitz

Herding packets since 2007. Perpetually trying to automate myself out of a job. I believe that all problems can be solved by implementing more IPv6. Disclaimer: All opinions posted here are my own, and do not represent any vendor or current/former employer.

2 Comments

  1. Hi, just found your post... exactly what I’m looking for.

    1. Thanks! I’m glad this is helpful to you
