Expedition, IronSkillet, and Best Practices

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
L7 Applicator
No ratings

Expedition – The Glue Between IronSkillet and Best Practices

 

As you already know, Expedition was conceived to reduce the time and efforts a security admin needs to improve and optimize their Palo Alto Networks configurations. Following that effort, we have added, within Expedition, support not only to run a BPA analysis if not also be able to remediate some of the failed checks (all related to Device Config) and now integration with the project IronSkillet.

https://github.com/PaloAltoNetworks/iron-skillet 

 

IronSkillet is basically a template that provides several best practices to minize the time to deploy a Day 1 Configuration in your Palo Alto Networks devices.

 

With this article, we show you how to create a new Base Configuration file plus remediate some of the checks failed at the time to run the BPA and export that configuration to your device. With this example, you will get a config that is 67% following the BPA recomendations.

Rate this article:
(1)
Comments
L2 Linker

Followed steps in pages 8 and 9 of the attachment, however, the errors/warning do not remediate. Using version 1.1.12 and BP:3.6.3

 

All internal checks are green and jobs and tast manager is Green, with 0 pending.

 

Why is this failing and what does remediate exactly do? Which logs can be reviewed to understand why remediate is not working?

 

Thanks.

Ho

L2 Linker

Anyone?? Thanks

 

Ho

L7 Applicator

Only the Checks with the Dark Gray bag can be remediated by selecting them and clicking the Remediate button from the bottom bar. Only checks under Device Config can be remediated.

L2 Linker

Thanks for the reply. It might be a good idea to add these restrictions to the admin guide...

 

Ho

  • 26331 Views
  • 4 comments
  • 3 Likes
Register or Sign-in
Contributors
Article Dashboard
Version history
Last Updated:
‎05-26-2020 03:13 PM
Updated by:
Retired Member