Day 1 Configuration Tool: What Does It Do?

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cyber Elite
Cyber Elite



The Day 1 Configuration tool helps build a sturdy baseline configuration by providing templates that introduce best practice configuration as a foundation on which the rest of the configuration can be built.


When you access the Customer Support Portal (CSP) to register a new device, there is a new section at the end of the registration process that lets you run the Day 1 Configuration tool directly from there. 


Access to the Day 1 Configuration tool after registering a new deviceAccess to the Day 1 Configuration tool after registering a new device


If you already registered a device earlier and now want to run Day 1 after reading this awesome blog, you can do so from the Tools menu option in the Customer Support Portal.


NOTE: Make sure the device has already been registered, as the tool requests a serial number so it can determine the type of device for which you are running the tool.


Run Day1 ConfigurationRun Day1 Configuration


The tool interface itself is super easy.


day1 config.png


  • Provide the appropriate PAN-OS version that will be installed on the device
  • Provide a Hostname
  • Set the management IP to Static or DHCP and provide appropriate parameters
  • Set up email alerts and log forwarding
  • Click Generate Config File


Once completed, the Day 1 Config XML file is downloadedOnce completed, the Day 1 Config XML file is downloaded


The XML config file is automatically downloaded after it is generated. 


Before you move on to the next phase, make sure:

  • the firewall's licences have all been activated
  • software updates and content packages have been installed

This is important because the Day 1 Config files contain a few awesome features that will only work if the firewall has the appropriate packages loaded with active licences.


Lastly, access the firewall's Device > Setup > Operations tab, and "Import named configuration snapshot" to find the Day 1 Configuiration file you just downloaded and then "Load named configuration snapshot."




Review the new elements that were added, add your own configuration, and Commit.


Some of the elements introduced in the Day 1 Config tool you will want to review include:


  • Monitor > Custom Reports
  • Policies > Security
  • Policies > Decryption
  • Objects > Addresses
  • Objects > External Dynamic Lists
  • Objects > All of the Security Profiles and Security Profile Groups 
  • Objects > Log Forwarding
  • Device > Server Profiles > Syslog and SMTP



Feel free to post any questions or remarks below.


— Reaper out


Additional Resources

Knowledge Base Article: Day 1 Configuration: What Does It Do?


If you do like reading extensive how-to documentation, check these out:

The Best Practices Library

The IronSkillet Overview


Register or Sign-in
About the Author
I drink and I know things
Top Liked Authors