HomeSkillet Internet Gateway

Printer Friendly Page

Brief Description

HomeSkillet is a starter internet gateway configuration that builds on a modified version of IronSkillet for use in home networks. It includes interface, zone, NAT, and security policy configuration.

 

homeSkilletNetwork.png

 

Target Audience

Users who want to fast track a basic NGFW setup and configuration.

 

Skillet Details

Documentation: https://homeskillet.readthedocs.io/en/panos_v9.0/

Github Location: https://github.com/PaloAltoNetworks/HomeSkillet.git

Github Branches: panos_v9.0

PAN-OS Supported: 9.0, 9.1

Type of Skillet: Suite of workflow, panos, rest, validation, template, python

Collections: HomeSkillet
Purpose: setup or demo skillet workflow to configure the NGFW

 

Detailed Description

Running the HomeSkillet skillet leads into a section menu including:

 

  • workflow elements to perform such as clean config, content updates, configuration stages, validations
  • topology selection (currently on L3 routing is available)
  • additional add-ons such as DHCP UserID

 

Workflow Elements

  1. workflow skillet with selection menu of tasks to perform; starting point for the skillet
  2. python skillet that imports, loads, and commits a clean config; will replace an existing configuration
  3. python skillet to download and install the latest threat/app and AV content updates
  4. pre-load validation to show the stage 1 configuration is missing (should see all FAIL outputs)
  5. IronSkillet-based Day 1 Configuration; user should opt to commit for online validation
  6. post-load validation to show that stage 1 has been configured (should see all PASS outputs)
  7. topology configuration (interfaces, zones, NAT, DHCP)
  8. security policy configuration using IronSkillet security profiles
  9. optional userID configuration based on DHCP log events

Also embedded in the workflow are 'get list' skillets to pull interface and zone information from the firewall to use as dropdown lists for interface and zone selection.

 

Topology Selection

HomeSkillet currently supports a 2-interface, 2-zone L3 topology with a DHCP public interface.

It also applies source-based NAT and adds a DHCP server for the internal network.

 

Optional Add-Ons

DHCP UserID

Sends local DHCP log events to the management interface and uses DHCP host information to create a User-ID entry.

Does not support static IP addressed hosts.

 

Prerequisites

The following should be completed before running HomeSkillet:

 

  • ensure IronSkillet with the corresponding release branch is imported and checked out
  • firewall licenses activated including all threat, URL, and Wildfire subscriptions
  • updated with the latest or recommended software release
  • if using Panhandler: updated to 3.0 latest release
  • DHCP-based public ethernet interface


Additional details specific to each loading stage, variables, and release updates are found at https://homeskillet.readthedocs.io/en/panos_v9.0/