The Day 1 Configuration tool helps build a sturdy baseline configuration by providing templates that introduce best practice configuration as a foundation on which the rest of the configuration can be built.
When you access the Customer Support Portal (CSP) to register a new device, there is a new section at the end of the registration process that let's you run the Day 1 Configuration tool directly from there.
Access to the Day 1 Configuration tool after registering a new device
If you already registered a device earlier and now want to run Day 1 after reading this awesome blog, you can do so from the Tools menu option in the Customer Support Portal.
NOTE: Make sure the device has already been registered, as the tool requests a serial number so it can determine the type of device for which you are running the tool.
Accessing the Day 1 Configuration tool if registration was already completed
The tool interface itself is super easy.
Provide the appropriate PAN-OS version that will be installed on the device
Provide a Hostname
Set the management IP to Static or DHCP and provide appropriate parameters
Set up email alerts and log forwarding
Click Generate Config File
Once completed, the Day 1 Config XML file is downloaded
The XML config file is automatically downloaded after it is generated.
Before you move on to the next phase, make sure:
the firewall's licences have all been activated
software updates and content packages have been installed
This is important because the Day 1 Config files contain a few awesome features that will only work if the firewall has the appropriate packages loaded with active licences.
Lastly, access the firewall's Device > Setup > Operations tab, and "Import named configuration snapshot" to find the Day 1 Configuiration file you just downloaded and then "Load named configuration snapshot."
Review the new elements that were added, add your own configuration, and Commit.
Some of the elements introduced in the Day 1 Config tool you will want to review include:
Monitor > Custom Reports
Policies > Security
Policies > Decryption
Objects > Addresses
Objects > External Dynamic Lists
Objects > All of the Security Profiles and Security Profile Groups