Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[CSO] How to view the config generated after adding firewall policy intents in CSO UI

0

0

Article ID: KB36605 KB Last Updated: 25 Mar 2021Version: 1.0
Summary:

Contrail Service Orchestration (CSO) provides the ability to create, modify, and delete firewall policies from the CSO UI. Firewall policies are intent-based and CSO analyzes the intent and then translates it to configuration that devices running Junos OS can understand.

This article explains how to view the configuration that is generated after adding firewall policy intents in the CSO UI.

Solution:

In this example, we create a simple firewall policy from the CSO UI, select the site to apply the policy, and then add an intent. After the intent is added, we demonstrate how to view the configuration that is generated.

Steps

  1. In this example, we first create a simple firewall policy from the CSO UI.

In the CSO UI, go to the tenant page and navigate to Configuration > Firewall > Firewall Policy.

Create a firewall policy, select the site to apply the policy, and add an intent.

  1. In this example, we add a simple intent to allow the site to access Internet services.

  1. We then deploy the firewall policy.

  1. Now we can check what configuration the above intent has translated to.

  • Navigate to the Monitor > Jobs page and click the firewall configuration job that was created.

  • A View link will be provided under Configuration, which will show you the configuration that the intent was translated to and which will be added to the site configuration.

  • During firewall policy creation, two jobs are created in CSO: firewall policy job and deploy job.

  1. .Click the firewall policy job and view its configuration.

The above screenshot shows the configuration that our intent specified in the policy has been translated to.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search