Add Support for Virtual Routers in nautobot-firewall-models #338
Description
Environment
Nautobot version:
Nautobot-firewall-models version:
Proposed Functionality
Add support for Virtual Routers within the nautobot-firewall-models plugin.
Currently, the firewall models support defining firewalls and their interfaces, policies, and related objects, but there is no native way to represent Virtual Routers (VRs) that exist inside multi-context firewall systems such as Palo Alto Networks, Fortinet, or Juniper SRX devices.
This enhancement would introduce a new model and relationships allowing users to define and associate Virtual Routers with specific Firewall instances, zones, and interfaces.
Use Case
Many enterprise firewalls, including Palo Alto Networks, support multiple Virtual Routers within a single physical or virtual firewall appliance. These VRs handle distinct routing tables and are often used to separate traffic domains for security or multi-tenancy.
By supporting Virtual Routers in Nautobot:
Users could document which interfaces and policies belong to specific VRs.
Routing relationships between VRs and other network devices could be accurately modeled.
Integrations and automation tools could query Nautobot to obtain routing and segmentation information per VR.
It would improve alignment between Nautobot’s data model and real-world firewall configurations.
Example workflow:
Define a Firewall instance (e.g., PA-3200 Series).
Add multiple Virtual Routers (e.g., VR-Internal, VR-DMZ, VR-WAN).
Associate interfaces and routes with each VR.
Optionally, define inter-VR routing or policy relationships.
Additional Context
The feature could follow the same pattern as existing models such as VirtualChassis or VRF, but scoped specifically to a firewall device and its logical separation of routing tables.
Optionally, it might include:
A VirtualRouter model.
A foreign key from FirewallInterface to VirtualRouter.
API and UI components for CRUD operations.
Import/export support for synchronization with automation tools.