Assimilator: Automatic Firewall Rule Orchestator

Comments Off on Assimilator: Automatic Firewall Rule Orchestator

The first restful API to control all firewall brands. Configure any firewall with restful API calls, no more manual rule configuration. Centralize all your firewalls into one API.

Multiplatform

  • Palo Alto
  • Juniper
  • Cisco
  • Fortinet
  • Checkpoint
  • PfSense
  • AWS

Authentication

  • API key through HTTP headers.
  • Flexible authorization, allow certain URI path with certain HTTP methods.

JSON

  • All request/response body are in JSON. No more XML, plain text or custom responses.

Python

  • Fully scripted in Python Flask.
  • Easy to update and add new modules.
  • Ready for any automatic task.

Open Source

  • No more Panorama, CSM or NSM.
  • Integrates with Apache2 with mod WSGI.
  • Assimilator gives a full RESTful experience for free.

How it works

All firewalls share a common ground on their configuration, for example:

  • List of commands showing the actual configuration (AKA the running configuration).
  • Rules or policies filtering IP packets.
  • Objects:
    • Addresses (i.e. 10.1.1.1 <-> Administration_Server).
    • Address group (i.e. Administration_Farm <-> [ Administration_Server01 , Administration_Server02 ]).
    • Port or service (i.e. TCP/80 <-> http).
    • Port or service group (i.e. Application_ports <-> { TCP/6600 , TCP/6610 }).
  • Interfaces.
  • Zones.
  • Routing table.
  • PBR (policy based route).

Assimilator makes it possible to configure via the five RESTful methods all these portions of configuration with JSON objects:

  • GET: Show the object.
  • POST: Add new object.
  • PATCH: Append new data to object.
  • PUT: Replace data in object.
  • DELETE: Remove object from configuration.

URL Format

/api/site/resource

Example

Request: GET /api/headquarters/config

Response: HTTP 200
{"config" : "<...>"}

Request: POST /api/branch/rules
{"name" : "Test01", "from" : "trust", "to" : "untrust",
"source" : "10.1.1.1", "destination" : "8.8.8.8", "action" : "allow",
"application" : "junos-dns-udp"}
Response: HTTP 201
{}
Request: DELETE /api/branch1/rules
{"name" : "Permit Any"}
Response: HTTP 200
{}

Request: PUT /api/branch2/objects/address-group
{"name" : "Admin_Servers", "members" : [ "Server02" ] }
Response: HTTP 200
{}

Request: PATCH /api/paloalto/headquarters/route
{"name" : "internal", "destination" : "10.0.0.0/8", "next-hop" : "172.16.1.2" }
Response: HTTP 200
{}

Installation

With Docker (recommended):

cd /opt
git clone https://github.com/videlanicolas/assimilator && cd assimilator
./generate_certificate.sh
docker build -t assimilator /opt/assimilator/
docker run -d -p 443:443/tcp assimilator

Without Docker:

cd /opt
git clone https://github.com/videlanicolas/assimilator && cd assimilator
./generate_certificate.sh
sudo ./install.sh

Documentation

Read the documentation.

Related Articles