nautobot / nautobot-app-firewall-models

Model Firewall policies in Nautobot

Home Page: https://docs.nautobot.com/projects/firewall-models/en/latest/

Add Applications to Firewall

baldy2811 opened this issue · comments

Environment

  • Nautobot version:
  • nautobot-plugin-firewall-model version: 1.0.2

Proposed Functionality

It would be really cool to add Applications as well for NGFW firewalls like Palo Alto.
In a Palo Alto you can define Applications for a Policy Rule (see screenshot).

https://capture.dropbox.com/6KVFT8BFA2tt3Fzk

Use Case

Automate Firewall rules with Nautobot and a Firewall like Palo Alto or Fortinet and all other FWs which are using Application detection.

Hi,
Here also thinking into that. Some coffee around into that idea already. Fortinet (FortiManager) and Checkpoint (Checkpoint MSDM) today's own landscape.
Some thoughts:

  • Arista SSO module (2-way integration to external endpoint) should be a nice starting point?
  • Mapping between Tenant in Nautobot and ADOM within the integrated one as a must-have?
    • Mapping of root ADOM for integrated endpoint?
  • Some firewall management tools provide more features than an interface to firewalling. (e.g., FortiManager => SDWAN, SSLVPN. Within my scope, SD-WAN is provided by both FMG and Velocloud deployments)
  • Develop per endpoint Plugin + normalization/homogenization layer within plugin-firewall-module?
    • Add-on (plugin-firewall-module). Naming convention for objects across integrated platforms? Several naming convention objects must be applied to a single policy.
    • Add-on (plugin-firewall-module). Service (end to end flow) modeling on top? Thought: besides % of ACL changes that rely on a simple object modification (no ACL creation) services within the organization could be responding to some kind of catalog. Offer the ability to model this catalog top down to ruleset modifications.

Hope it adds to the case

@itdependsnetworks sounds like application dictionary 🙂

Currently working on this and should be part of v2.0.0