nembery / django-pan-cnc Goto Github PK

Background mapping of G-S-B, size, and term to an SP VM-series SKU. Set internal variable to this value. This value to be displayed in the second panel for Panorama configuration as read only.

FUTURE: Map the SKU to a related authcode as part of a CSSP demo. SKU here sets the stage.

The Panorama IP in the Vistoq demo is in the env file outside the GUI. This demo is specific to Panorama and a fixed system. However, need a way for more generic usage to input the IP address and user/password to autogenerate the API key.

Tool should also have a model for NGFW vs Panorama configuration option.

There are various use cases for the reset. Variations specific to with/without > 1 users and with/without GPCS as part of the demo. The demo system should also remove licenses from the fw before deleting the image.

For a basic single user w/out GPCS, easy to go into Panorama and delete all device-groups and stacks then commit. Or use the Vistoq portal to go to a preset configuration file. This puts Panorama back to the initial state. In relation, the instantiated firewalls can be deleted from the portal. In this case, the automated model would:

1. Reset Panorama to baseline or delete device-groups and stacks (assumes no other config changes) with a commit
2. Return the fw licenses back to the pool
3. Delete the fw instances

If GPCS is included in the demo it gets a bit more complex. Panorama should remove all of the remote network configurations, commit and push to the cloud. This ensures the cloud config is sync'd. In the current version of Panorama (no multi-tenancy) the DG and stack stay as part of the core. In future versions, the demo may require core and remote_network config deletions.

Flow may be for simple remote network demo:

1. Remove all remote networks and commit to the cloud

A full demo including a new core (non-multitenancy) may require reset of Panorama to a snapshot image, just after the OTP is added. Early version of GPCS had issues with modifying the core configuration including changes to the infrastructure subnet. Once reset then a commit to the cloud to sync.

Multi-user demos as required will require more precise deletions. Thus likely manual with proper documentation. More complex solution would be to keep state of each demo addition and back out specific pieces.

1. Delete any DG/stacks for VM demos.
2. Delete the VM instances with license returned to the pool
3. Delete remote_network configurations (inc. IPSEC/IKE elements)

The device name in the simple demo model is used to create the device-group and stack using the FW_NAME value. Need to confirm and/or correct the issue where the instantiated FW doesn't link to its respective DG and stack.

Currently the device will connect to Panorama and show connected. It will also get the proper hostname. However in Panorama, the serial-number not auto associated to the DG and stack. Assumption that the init-cfg file not populated with these values.