Day 1 Configuration Tool: What Does It Do?

Community Manager

The Day 1 Configuration tool helps build a sturdy baseline configuration by providing templates that introduce best practice configuration as a foundation on which the rest of the configuration can be built.

 

When you access the Customer Support Portal (CSP) to register a new device, there is a new section at the end of the registration process that let's you run the Day 1 Configuration tool directly from there. 

 

Day 1 post registration.pngAccess to the Day 1 Configuration tool after registering a new device

 

If you already registered a device earlier and now want to run Day 1 after reading this awesome blog, you can do so from the Tools menu option in the Customer Support Portal.

 

NOTE: Make sure the device has already been registered, as the tool requests a serial number so it can determine the type of device for which you are running the tool.

 

Day1 post registration.pngAccessing the Day 1 Configuration tool if registration was already completed

 

The tool interface itself is super easy.

 

Day 1 Configuration tool variables.png

 

  • Provide the appropriate PAN-OS version that will be installed on the device
  • Provide a Hostname
  • Set the management IP to Static or DHCP and provide appropriate parameters
  • Set up email alerts and log forwarding
  • Click Generate Config File

 

day1 downloaded config.pngOnce completed, the Day 1 Config XML file is downloaded

 

The XML config file is automatically downloaded after it is generated. 

Before you move on to the next phase, make sure:

  • the firewall's licences have all been activated
  • software updates and content packages have been installed

This is important because the Day 1 Config files contain a few awesome features that will only work if the firewall has the appropriate packages loaded with active licences.

 

Lastly, access the firewall's Device > Setup > Operations tab, and "Import named configuration snapshot" to find the Day 1 Configuiration file you just downloaded and then "Load named configuration snapshot."

 

Import.png

 

Review the new elements that were added, add your own configuration, and Commit.

 

Some of the elements introduced in the Day 1 Config tool you will want to review include:

  • Monitor > Custom Reports
  • Policies > Security
  • Policies > Decryption
  • Objects > Addresses
  • Objects > External Dynamic Lists
  • Objects > All of the Security Profiles and Security Profile Groups 
  • Objects > Log Forwarding
  • Device > Server Profiles > Syslog and SMTP

 

 

Feel free to post any questions or remarks below.

 

Reaper out

 

Additional Resources

Knowledge Base Article: Day 1 Configuration: What Does It Do?

 

If you do like reading extensive how-to documentation, check these out:

The Best Practices Library

The IronSkillet Overview

1,081 Views
Ask Questions Get Answers Join the Live Community
Labels