
Jinja2 template sample scripts

Below are the Jinja2 template sample scripts used within this example.

cfg_FG
{# cfg_FG: sets the device hostname. Caller-supplied variable: branch_hostname. #}
config system global
      set hostname {{ branch_hostname }}      
end
cfg_IPsec
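{# cfg_IPsec: branch side of the overlay tunnels.
   Caller-supplied variable: branch_id (used for the IKE local ID, "Branch<id>").
   The tunnels list is the single place where hub addresses, overlay network-ids
   and the WAN interface for each tunnel are defined; tunnelname values are
   reused by cfg_BGP (neighbor interface) and cfg_SDWAN (zone member). #}
{%
  set tunnels= [
    {
      'tunnelname':'HUB1-VPN1',
      'remote_IP':'101.8.71.21',
      'network_id':'1',
      'interface':'port2'
    },
    {
      'tunnelname':'HUB1-VPN2',
      'remote_IP':'102.8.71.21',
      'network_id':'2',
      'interface':'port3'
    },
    {
      'tunnelname':'HUB2-VPN1',
      'remote_IP':'101.8.71.22',
      'network_id':'5',
      'interface':'port2'
    },
    {
      'tunnelname':'HUB2-VPN2',
      'remote_IP':'102.8.71.22',
      'network_id':'6',
      'interface':'port3'
    },
  ]
%}

{# phase1: one IKEv2 tunnel per list entry #}
config vpn ipsec phase1-interface
  {%- for tunnel in tunnels %}
    edit {{ tunnel.tunnelname }}
        set interface {{ tunnel.interface }}
        set ike-version 2
        set peertype any
        set net-device enable
        set mode-cfg enable
        set proposal aes256-sha256
        set add-route disable
        set localid Branch{{branch_id}}
        set auto-discovery-receiver enable
        set auto-discovery-shortcuts dependent
        set network-overlay enable
        set network-id {{ tunnel.network_id }}
        set remote-gw {{ tunnel.remote_IP }}
        {#- NOTE(review): the pre-shared key is a sample value hard-coded in the
            template: every branch rendered from it shares the same key, and the key
            sits in clear text wherever this template is stored or versioned. Pass it
            in as a template variable / per-device value instead of leaving it inline. #}
        set psksecret qa123456
    next
  {% endfor %}
end

{# phase2: one selector per tunnel, bound to the phase1 of the same name #}
config vpn ipsec phase2-interface
  {%- for tunnel in tunnels %}
    edit {{ tunnel.tunnelname }}
        set phase1name {{ tunnel.tunnelname }}
        set proposal aes256-sha256
        set auto-negotiate enable
    next
  {% endfor %}
end

{# allow ping on the tunnel interfaces (listed once; the keyword is lower-case "end") #}
config system interface
  {% for tunnel in tunnels %}
    edit {{ tunnel.tunnelname }}
      set allowaccess ping
    next
  {% endfor %}
end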
cfg_BGP
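{# cfg_BGP: iBGP sessions over the overlay tunnels.
   Caller-supplied variable: branch_id, used as the last octet of the router-id
   (172.16.0.<branch_id>), so it should be unique per branch.
   neighbors: neighborID is the third octet of the peer address
   (10.10.<neighborID>.253); interface is the tunnel the session is bound to and
   must match a tunnelname from cfg_IPsec. #}
{%
set neighbors= [
  {
    'neighborID':'31',
    'interface': 'HUB1-VPN1'
  },
  {
    'neighborID':'63',
    'interface': 'HUB1-VPN2'
  },
  {
    'neighborID':'159',
    'interface': 'HUB2-VPN1'
  },
  {
    'neighborID':'191',
    'interface': 'HUB2-VPN2'
  },
]
%}

{# build the BGP configuration: one neighbor entry per overlay #}
config router bgp
    set as 65000
    set router-id 172.16.0.{{branch_id}}
    set ibgp-multipath enable
    set additional-path enable
    set recursive-next-hop enable
    set graceful-restart enable
    set additional-path-select 4
    config neighbor
       {%- for item in neighbors %}
        edit 10.10.{{item.neighborID}}.253
            set advertisement-interval 1
            set capability-graceful-restart enable
            set link-down-failover enable
            set soft-reconfiguration enable
            set description {{item.interface}}
            set interface {{item.interface}}
            set remote-as 65000
            set connect-timer 10
            set additional-path receive
        next
       {% endfor %}
    end
end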
cfg_SDWAN
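{# cfg_SDWAN: SD-WAN zones and members for the branch.
   Each entry maps one member interface to a zone. A zone name may appear on
   several entries (HUB1 and HUB2 each carry two overlays), which is why the
   zone block below de-duplicates names before creating them.
   Tunnel members must match the tunnelname values from cfg_IPsec. #}
{%
  set zone= [
    {
      'name':"WAN1",
      'member':'port2',
    },
    {
      'name':"WAN2",
      'member':'port3',
    },
    {
      'name':"HUB1",
      'member':'HUB1-VPN1',
    },
    {
      'name':"HUB1",
      'member':'HUB1-VPN2',
    },
    {
      'name':"HUB2",
      'member':'HUB2-VPN1',
    },
    {
      'name':"HUB2",
      'member':'HUB2-VPN2',
    },
  ]
%}

{# NOTE(review): this sets the hostname to branch_id, whereas cfg_FG sets it to
   branch_hostname; whichever template is applied last wins. Confirm the
   override is intended, otherwise drop this block. #}
config system global
set hostname {{branch_id}}
end

{# Config SDWAN Zone and Zone Member #}
config system sdwan
    set status enable
    config zone
    {#- exclude_zone collects the names already emitted; the loop's "if" filter
        is evaluated as the list is iterated, so each zone name is created once.
        The "or """ keeps the None returned by list.append() out of the output. #}
    {%- set exclude_zone = [] %}
    {%- for item in zone if item.name not in exclude_zone  %}
        {{ exclude_zone.append(item.name) or ""}}
        edit {{ item.name }}
        next
    {% endfor %}
    end

    config members
    {%- for i in zone %}
      edit {{ loop.index }}
          set interface {{ i.member }}
          set zone {{ i.name }}
      next
    {% endfor %}
    end
end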

Jinja2 template sample scripts

Below are the Jinja2 template sample scripts used within this example.

cfg_FG
{# cfg_FG: sets the device hostname. Caller-supplied variable: branch_hostname. #}
config system global
      set hostname {{ branch_hostname }}      
end
cfg_IPsec
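{# cfg_IPsec: branch side of the overlay tunnels.
   Caller-supplied variable: branch_id (used for the IKE local ID, "Branch<id>").
   The tunnels list is the single place where hub addresses, overlay network-ids
   and the WAN interface for each tunnel are defined; tunnelname values are
   reused by cfg_BGP (neighbor interface) and cfg_SDWAN (zone member). #}
{%
  set tunnels= [
    {
      'tunnelname':'HUB1-VPN1',
      'remote_IP':'101.8.71.21',
      'network_id':'1',
      'interface':'port2'
    },
    {
      'tunnelname':'HUB1-VPN2',
      'remote_IP':'102.8.71.21',
      'network_id':'2',
      'interface':'port3'
    },
    {
      'tunnelname':'HUB2-VPN1',
      'remote_IP':'101.8.71.22',
      'network_id':'5',
      'interface':'port2'
    },
    {
      'tunnelname':'HUB2-VPN2',
      'remote_IP':'102.8.71.22',
      'network_id':'6',
      'interface':'port3'
    },
  ]
%}

{# phase1: one IKEv2 tunnel per list entry #}
config vpn ipsec phase1-interface
  {%- for tunnel in tunnels %}
    edit {{ tunnel.tunnelname }}
        set interface {{ tunnel.interface }}
        set ike-version 2
        set peertype any
        set net-device enable
        set mode-cfg enable
        set proposal aes256-sha256
        set add-route disable
        set localid Branch{{branch_id}}
        set auto-discovery-receiver enable
        set auto-discovery-shortcuts dependent
        set network-overlay enable
        set network-id {{ tunnel.network_id }}
        set remote-gw {{ tunnel.remote_IP }}
        {#- NOTE(review): the pre-shared key is a sample value hard-coded in the
            template: every branch rendered from it shares the same key, and the key
            sits in clear text wherever this template is stored or versioned. Pass it
            in as a template variable / per-device value instead of leaving it inline. #}
        set psksecret qa123456
    next
  {% endfor %}
end

{# phase2: one selector per tunnel, bound to the phase1 of the same name #}
config vpn ipsec phase2-interface
  {%- for tunnel in tunnels %}
    edit {{ tunnel.tunnelname }}
        set phase1name {{ tunnel.tunnelname }}
        set proposal aes256-sha256
        set auto-negotiate enable
    next
  {% endfor %}
end

{# allow ping on the tunnel interfaces (listed once; the keyword is lower-case "end") #}
config system interface
  {% for tunnel in tunnels %}
    edit {{ tunnel.tunnelname }}
      set allowaccess ping
    next
  {% endfor %}
end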
cfg_BGP
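{# cfg_BGP: iBGP sessions over the overlay tunnels.
   Caller-supplied variable: branch_id, used as the last octet of the router-id
   (172.16.0.<branch_id>), so it should be unique per branch.
   neighbors: neighborID is the third octet of the peer address
   (10.10.<neighborID>.253); interface is the tunnel the session is bound to and
   must match a tunnelname from cfg_IPsec. #}
{%
set neighbors= [
  {
    'neighborID':'31',
    'interface': 'HUB1-VPN1'
  },
  {
    'neighborID':'63',
    'interface': 'HUB1-VPN2'
  },
  {
    'neighborID':'159',
    'interface': 'HUB2-VPN1'
  },
  {
    'neighborID':'191',
    'interface': 'HUB2-VPN2'
  },
]
%}

{# build the BGP configuration: one neighbor entry per overlay #}
config router bgp
    set as 65000
    set router-id 172.16.0.{{branch_id}}
    set ibgp-multipath enable
    set additional-path enable
    set recursive-next-hop enable
    set graceful-restart enable
    set additional-path-select 4
    config neighbor
       {%- for item in neighbors %}
        edit 10.10.{{item.neighborID}}.253
            set advertisement-interval 1
            set capability-graceful-restart enable
            set link-down-failover enable
            set soft-reconfiguration enable
            set description {{item.interface}}
            set interface {{item.interface}}
            set remote-as 65000
            set connect-timer 10
            set additional-path receive
        next
       {% endfor %}
    end
end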
cfg_SDWAN
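{# cfg_SDWAN: SD-WAN zones and members for the branch.
   Each entry maps one member interface to a zone. A zone name may appear on
   several entries (HUB1 and HUB2 each carry two overlays), which is why the
   zone block below de-duplicates names before creating them.
   Tunnel members must match the tunnelname values from cfg_IPsec. #}
{%
  set zone= [
    {
      'name':"WAN1",
      'member':'port2',
    },
    {
      'name':"WAN2",
      'member':'port3',
    },
    {
      'name':"HUB1",
      'member':'HUB1-VPN1',
    },
    {
      'name':"HUB1",
      'member':'HUB1-VPN2',
    },
    {
      'name':"HUB2",
      'member':'HUB2-VPN1',
    },
    {
      'name':"HUB2",
      'member':'HUB2-VPN2',
    },
  ]
%}

{# NOTE(review): this sets the hostname to branch_id, whereas cfg_FG sets it to
   branch_hostname; whichever template is applied last wins. Confirm the
   override is intended, otherwise drop this block. #}
config system global
set hostname {{branch_id}}
end

{# Config SDWAN Zone and Zone Member #}
config system sdwan
    set status enable
    config zone
    {#- exclude_zone collects the names already emitted; the loop's "if" filter
        is evaluated as the list is iterated, so each zone name is created once.
        The "or """ keeps the None returned by list.append() out of the output. #}
    {%- set exclude_zone = [] %}
    {%- for item in zone if item.name not in exclude_zone  %}
        {{ exclude_zone.append(item.name) or ""}}
        edit {{ item.name }}
        next
    {% endfor %}
    end

    config members
    {%- for i in zone %}
      edit {{ loop.index }}
          set interface {{ i.member }}
          set zone {{ i.name }}
      next
    {% endfor %}
    end
end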