The IronSkillet Day One Configuration templates are baseline configurations that you can import to your Next-Generation Firewall or Panorama. The templates are based on existing best practice recommendations from Palo Alto Networks. These pre-built configurations can be valuable for green-field deployments or can be used to merge with configurations from existing environments. This reduces configuration errors and improves your environment's security posture by adopting best practices instantly.
Now, how can you take advantage of these Best-Practice configurations? A great way to do so is by using Panhandler. It is an open-source application that allows you to import playback skillets listed on GitHub using a web interface.
Panhandler runs inside a docker container. The installation platform must support a docker environment. Download Docket Desktop here.
Once downloaded, ensure that Docker Desktop is running.
Open up your terminal and enter the following command.
curl -s -k -L http://bit.ly/2xui5gM | bash
After entering the command, allow it some time to download. Yours will look different than mine as it is already downloaded. At the end you should receive an output of "You may now use Panhandler by opening a web browser and browsing to http://localhost:PORT#"
admin@M-W39VQNK6T7 ~ % curl -s -k -L http://bit.ly/2xui5gM | bash
Welcome to Panhandler
Checking for image updates ... (This may take some time while the image downloads)
paloaltonetworks/panhandler:latest is already up to date!
Found container id of 21a10cd48dec
This container is up-to-date!
Panhandler is already up to date. Ensuring it's running
You may now use Panhandler by opening a web browser and browsing to http://localhost:8080
admin@M-W39VQNK6T7 ~ %
Voila! Panhandler is now downloaded.
Open up your web browser and enter the localhost and port specified during your download. If you have issues with getting no response from the localhost. Try restarting the docker process.
To view the container ID of Panhandler, enter the command "docker container ls"
admin@M-W39VQNK6T7 ~ % docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
21a10cd48dec paloaltonetworks/panhandler:latest "/app/cnc/tools/ph.sh" 39 minutes ago Up 4 seconds 0.0.0.0:8080->8080/tcp panhandler
Then enter the command "docker restart 21a10cd48dec"
When you are able to access Panhandler, you will be prompted with a login. Enter the default credentials (paloalto/panhandler).
When you're logged in you will see all the skillets available for use!
Skillets are available for PAN-OS, Panorama, and have base configs for PAN-OS version 10.1. You can submit configurations by configuring the target information of your desired Firewall or Panorama. Additionally, you can receive full XML and set commands to manually import/enter it onto your target device.