How to create DHCP server and a policy in the Fortigate

-
Here is an example script that demonstrates how to use the  fortigate-api  package to create a DHCP server and a policy in the Fortigate   from fortigate_api import FortigateAPI # Create a FortigateAPI object fgt = FortigateAPI(host="host", username="username", password="password") # Create a DHCP server data = {     "default-gateway": "192.168.255.1",     "netmask": "255.255.255.0",     "interface": "vlan.123",     "ip-range": [         {"start-ip": "192.168.255.2", "end-ip": "192.168.255.254",}     ], } fgt.dhcp_server.create(data) # Create a policy in the Fortigate data = dict(     name="POLICY",     status="enable",     action="accept",     srcintf=[{"name": "any"}],     dstintf=[{"name": "any"}],     srcaddr=[{"name": "all"}],     dstaddr=[{"name&quo
Post a Comment

What is Network Automation

-

The process of automating the configuration, management, testing, deployment, and operation of physical and virtual devices within a network is known as network automation. The availability of network services increases as routine network operations and functions are automated and repetitive processes are regulated and handled automatically.

Network automation can be used with any kind of network. Network automation can be implemented by data centers, service providers, and businesses to increase productivity, decrease human error, and cut operational costs.

No alt text provided for this image
Advantages of Network Automation

Why Automate Our Network?

The rising cost of IT for network operations is one of the greatest problems facing network managers. Manual procedures are all but impossible when data and device growth begin to overtake IT capabilities. However, up to 95% of network changes are carried out manually, leading to operational expenses that are two to three times higher than the network's purchase price. Businesses must increase IT automation that is centrally and remotely managed in order to keep up with the digital world.

  • LOW COST
  • LOWER ERRORS
  • HIGH UPTIME
  • INCREASED AGILITY
  • EFFECTIVE STAFF
  • BETTER NETWORK CONTROL

No alt text provided for this image
Up-time

Up to 95 percent of network changes today are done manually.

No alt text provided for this image
Manual work

Manual changes lead to configuration errors and inconsistencies in the network.


No alt text provided for this image
Problematic

Expanding network changes at scale can be problematic.


No alt text provided for this image
Detrimental

Network downtime and nonremote troubleshooting time are detrimental.


With network automation, you can quickly and easily create, provision, and implement policies throughout your network. And you decide the speed and the route for your trip toward automation. You can either work with the current network and policy definitions or you can start from scratch.

  • Day-to-day activity can be automated using network automation (Say: You want to ping all your devices and check the connectivity for your network so for this you and run a Tcl Script for it.)
  • Repetitive processes can be controlled and managed automatically (like creating and deleting multiple VLANs.)
  • Improves the Network service availability (Providing your regular automated updates.)
  • Avoid human errors & help in doing fast configuration.
  • Elimination of repetitive tasks.

Note: Above we have mentioned very basic things, you can do a lot more beyond your imagination through automation even though we have multiple tools available in the market for network automation like Cisco DNA, Netbrain, SolarWinds, etc.

No alt text provided for this image

How it works?

How does Network Automation work?

A network can be automated in a variety of ways, and a variety of network elements can also be automated. Between the two extremes of automation software and command line automation, there are most network automation solutions.

Using common CLI commands and arguments, you may automate network components at the most fundamental level. Administrators of Linux operating systems, for instance, can utilize Bash operators to chain actions based on the success (&&) or failure (||) of prior commands. Or, users might create shell scripts by compiling command lists into text files that can be executed repeatedly all at once with a single command.

Network tasks can be combined by automation software products into ready-made programmers that can be chosen, scheduled, and run from the app's front end.

What can be Automated?

Plug & Play provisioning

  • Automate the deployment of a new device
  • Obtain Initial image/configuration
  • Reduces the time a new device takes and becomes functional

Path segregation via the dynamic overlay network

Dynamic QoS Policies

Dynamic Securities policies

Impact of Network Automation

Network management is highly impacted by Automating the network, we get a lot of things through automating the network. Reduce the cost of operation, eliminate the errors of humans, consistency of configuration, better control over network & elastic scaling.

Comments

Post a Comment

Popular posts from this blog

How to Configure VXLAN in FortiGate Firewall

-
Image
How to Configure VXLAN in FortiGate Firewall A brief explanation of the given topology: - Ø On top of all, there are two FortiGate Firewalls with L3 connectivity in between. Ø Under Each Firewall we have one Cisco Switch with two VLAN configured i.e.;3500 & 3600 Ø Uplink for switches has been configured with 802.1Q trunk which is connected to FortiGate Firewall. Ø Each switch has two PCs connected one in VLAN 3500 & other one in 3600 VLAN. Ø We have configured VLAN and VXLAN on both the FortiGate Firewall. Ø In this topology PCs in the same VLAN will be able to communicate with each other through a L3 link using VXLAN technology and they will be encapsulated such that both the PCs will think that they are within the L2 domain.           FortiGate Firewall Configuration VXLAN Configuration: - FGT-1: config system vxlan     edit "vxlan3500"         set interface "port
Read more

Higher Availability in FortiGate and VRRP in Cisco

-
Image
  Higher Availability in FortiGate and VRRP in Cisco A brief explanation of the given topology: - Ø On top of all, there are two FortiGate Firewalls one Active other one as Standby. Ø With the Higher Availability (HA) configured for handling the Failover of active Firewall. Ø There are two CORE switches with VRRP Configuration: CORE-1 as Master and CORE-2 as Slave. Ø Between two CORE-1 and CORE-2, two links in the Port Channel have been configured. Ø SVIs and static default route toward the Firewall has been configured for LAN users. Ø Also, the DHCP server has been configured for DATA and VOICE VLANs. Ø Two Layer 2 switches with uplinks as trunk and VLANs. FortiGate Firewall Configuration HA Configuration in FortiGate Firewall: - Here I have kept by default priority i.e.; 128 for “ ACTIVE-FIREWALL ” whose role is primary and I have set 100 for the “ STANDBY-FIREWALL ” whose role is secondary.   By default, the selection process of HA in FortiGat
Read more

Python Script to take the Backup of Multiple device in a Network

-
Image
from netmiko import ConnectHandler Sw_1 = { 'device_type': 'cisco_ios', 'host': '192.168.6.10', 'username': 'admin', 'password': 'Admin@123', 'port': 22, # optional, defaults to 22 'secret': 'secret', # optional, defaults to '' } Sw_2 = { 'device_type': 'cisco_ios', 'host': '192.168.6.20', 'username': 'admin', 'password': 'Admin@123', 'port': 22, # optional, defaults to 22 'secret': 'secret', # optional, defaults to '' } Sw_3 = { 'device_type': 'cisco_ios', 'host': '192.168.6.30', 'username': 'admin', 'password': 'Admin@123', 'port': 22, # optional, defaults to 22 'secret': 'secret', # optional,
Read more