Cloning Firewall rules

Hi BrianT ,
We are working on publishing bulk management of internet firewall and wan firewall rules through terraform very soon, would you be open to setting up a workshop to walk through how we can help manage in this way using terraform?

Hello BrianT,

I think there are two questions here:

1. How do I port an IFW rulebase from one account to another.
2. How do I set up a template for IFW rules I can use to provision new accounts with my preferred best practice set of rules.

For the first requirement, you would use the policy.internetFirewall.policy query to read the existing rules from the first account, then you'd need to transform those into the right inputs for the policy.internetFirewall.addSection, policy.internetFirewall.addRule and policy.internetFirewall.publishPolicyRevision mutations to load the IFW policy into the second account.

The second requirement is similar but instead of reading the policy from an existing account you would be starting with an IFW policy defined in something like JSON or YAML.

If I was doing either of these, I'm most comfortable with Python, so I'd just script it. The second use case in particular though sounds like a good candidate for something like Terraform, so if this is interesting to you, it might be worth checking out the resources in our Github repo: https://github.com/catonetworks/terraform-provider-cato