Expedition – The Glue Between IronSkillet and Best Practices

Printer Friendly Page

Expedition – The Glue Between IronSkillet and Best Practices

As you already know, Expedition was conceived to reduce the time and efforts a security admin needs to improve and optimize their Palo Alto Networks configurations. Following that effort, we have added, within Expedition, support not only to run a BPA analysis if not also be able to remediate some of the failed checks (all related to Device Config) and now integration with the project IronSkillet.

https://github.com/PaloAltoNetworks/iron-skillet 

 

IronSkillet is basically a template that provides several best practices to minize the time to deploy a Day 1 Configuration in your Palo Alto Networks devices.

 

With this article, we show you how to create a new Base Configuration file plus remediate some of the checks failed at the time to run the BPA and export that configuration to your device. With this example, you will get a config that is 67% following the BPA recomendations.

Comments

Followed steps in pages 8 and 9 of the attachment, however, the errors/warning do not remediate. Using version 1.1.12 and BP:3.6.3

 

All internal checks are green and jobs and tast manager is Green, with 0 pending.

 

Why is this failing and what does remediate exactly do? Which logs can be reviewed to understand why remediate is not working?

 

Thanks.

Ho

Anyone?? Thanks

 

Ho

Only the Checks with the Dark Gray bag can be remediated by selecting them and clicking the Remediate button from the bottom bar. Only checks under Device Config can be remediated.

Thanks for the reply. It might be a good idea to add these restrictions to the admin guide...

 

Ho