Aerleon is a lightweight library that generates firewall configurations from a normalized data model. Users of the library express their intent as data (which can be expressed in several ways), and the library generates the configuration.
Aerleon provides a configuration generator for each firewall platform. It loads data in a single standard format and generates a configuration for each target platform.
The data primarily consists of:
- Policy Files that represent the actual firewall rules.
- Address Files that represent the addresses, in the form of named objects.
- Service Files that represent the services, in the form of named objects.
Supported Configuration Formats
- Legacy Capirca formats
- Native Python
Core Supported Generators
- Cisco ASA
- Cisco NX
- Cisco XR
- Cloud Armor
- Juniper EVO
- Juniper MPC
- VMWare NSXV
- Packet Filter
- Palo Alto
- PCAP Filters
- Advanced Firewall
Audience (User Personas)
- Anyone who is managing firewall configurations.
- Anyone who wants to manage configurations using Infrastructure as Code (IaC) concepts.
- Anyone who wants to manage a multi-firewall configuration in a single normalized manner.
Authors and Maintainers
- "Rob Ankeny firstname.lastname@example.org"
- "Jason Benterou email@example.com"