Let's say, for example, you needed to map the following range of hosts to a public NAT range:
{10.1.10.0/24 10-90 // 209.23.XXX/XXX/24 10-90 }
Doing this one line at a time could take forever. :(
So a script can be used to craft the range. In these examples, I first made an "fw-ippool item":
#!/bin/bash
# Emit one single-address IP pool per public address (.100 to .149)
echo "config firewall ippool"
for ((a=100; a <= 149 ; a++))
do
echo "edit XOpool-209.23.xxx.$a"
echo "set endip 209.23.xxx.$a"
echo "set startip 209.23.xxx.$a"
echo "next"
done
echo "end"
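Next, the address objects for the internal hosts:
#!/bin/bash
# Emit one /32 address object per internal host (.10 to .90)
echo "config firewall address"
for (( b=10; b <= 90 ; b++))
do
echo "edit internal-server-01-$b"
echo "set subnet 10.1.101.$b 255.255.255.255"
echo "next"
done
echo "end"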
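And lastly, I generate my fwpolicies:
#!/bin/bash
# Emit one SNAT policy per pool. Each policy references internal-server-01-$a
# and XOpool-209.23.xxx.$a, so both objects must exist for every $a in this range.
echo "config firewall policy"
for ((a=100; a <= 149 ; a++))
do
echo "edit 0"
echo "set srcintf WEBNETWORK-DMZ"
echo "set dstintf EXTERNAT-OUTSIDE"
echo "set srcaddr internal-server-01-$a"
echo "set dstaddr all"
echo "set action accept"
echo "set schedule always"
echo "set service ANY"
echo "set comments 1n1 SNAT something with starting address 10:10"
echo "set nat enable"
# Enable pool-based SNAT, then name the pool created by the first script
echo "set ippool enable"
echo "set poolname XOpool-209.23.xxx.$a"
echo "next"
done
echo "end"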
Now we build the cfgs and copy them into the firewall or use the batch cfg upload. This script can be used for a host of other profiles and/or applications. So hack around with it, but it's a start if you need multiple repetitive ranges of the exact same item.
Ken Felix
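The three loops above can be folded into one generator so that every policy references a pool and an address object created in the same run, and a bad range is rejected before any config is emitted. This is an added example, not the author's script; the function name gen_snat_cfg, the same-octet 1:1 mapping and the 10.1.10 / 192.0.2 sample prefixes are assumptions.

```bash
#!/bin/bash
# Added example, not from the original post. Function name and prefixes are assumptions.
# usage: gen_snat_cfg FIRST LAST INSIDE_PREFIX OUTSIDE_PREFIX
gen_snat_cfg() (
  first=$1 last=$2 inside=$3 outside=$4
  # Validate the host octets before emitting anything.
  for n in "$first" "$last"; do
    case $n in
      ''|0*|*[!0-9]*) echo "bad octet: '$n'" >&2; exit 1 ;;
    esac
    [ "$n" -le 254 ] || { echo "octet out of range: $n" >&2; exit 1; }
  done
  [ "$first" -le "$last" ] || { echo "empty range $first-$last" >&2; exit 1; }

  echo "config firewall ippool"
  i=$first
  while [ "$i" -le "$last" ]; do
    printf '%s\n' "edit XOpool-$outside.$i" \
      "set startip $outside.$i" "set endip $outside.$i" "next"
    i=$((i + 1))
  done
  echo "end"

  echo "config firewall address"
  i=$first
  while [ "$i" -le "$last" ]; do
    printf '%s\n' "edit internal-server-01-$i" \
      "set subnet $inside.$i 255.255.255.255" "next"
    i=$((i + 1))
  done
  echo "end"

  echo "config firewall policy"
  i=$first
  while [ "$i" -le "$last" ]; do
    printf '%s\n' "edit 0" "set srcintf WEBNETWORK-DMZ" \
      "set dstintf EXTERNAT-OUTSIDE" "set srcaddr internal-server-01-$i" \
      "set dstaddr all" "set action accept" "set schedule always" \
      "set service ANY" "set nat enable" "set ippool enable" \
      "set poolname XOpool-$outside.$i" "next"
    i=$((i + 1))
  done
  echo "end"
)

# Constructed sample run: inside 10.1.10.10-12 mapped 1:1 to 192.0.2.10-12.
gen_snat_cfg 10 12 10.1.10 192.0.2
```

Redirect the output to a file and review it before pasting it into the firewall or using the batch upload.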