HomeSkillet Internet Gateway

Brief Description

HomeSkillet is a starter internet gateway configuration that builds on a modified version of IronSkillet for use in home networks. It includes interface, zone, NAT, and security policy configuration.

 

[Figure: homeSkilletNetwork.png]

 

Target Audience

Users who want to fast-track a basic NGFW internet gateway setup and configuration in L3 or vwire mode.

 

Skillet Details

Documentation: https://homeskillet.readthedocs.io/en/panos_v9.0/

GitHub Location: https://github.com/PaloAltoNetworks/HomeSkillet.git

GitHub Branches: panos_v9.0

PAN-OS Supported: 9.0, 9.1

Type of Skillet: Suite of workflow, panos, rest, validation, template, python

Collections: HomeSkillet
Purpose: set up or demo a skillet workflow to configure the NGFW

 

Detailed Description

Running the HomeSkillet skillet opens a selection menu that includes:

 

  • workflow elements to perform, such as clean config, content updates, configuration stages, and validations
  • network topology selection: L3 or vwire
  • add-ons such as DHCP UserID

 

Workflow Elements

  1. workflow skillet with selection menu of tasks to perform; starting point for the skillet
  2. python skillet that imports, loads, and commits a clean config; this replaces the existing configuration
  3. python skillet to download and install the latest threat/app and AV content updates
  4. pre-load validation to show the stage 1 configuration is missing (should see all FAIL outputs)
  5. IronSkillet-based Day 1 Configuration; user should opt to commit for online validation
  6. post-load validation to show that stage 1 has been configured (should see all PASS outputs)
  7. topology configuration L3 or vwire options and associated elements
  8. security policy configuration using IronSkillet security profiles
  9. optional User-ID configuration based on DHCP log events

 

Also embedded in the workflow are 'get list' skillets to pull interface and zone information from the firewall to use as dropdown lists for interface and zone selection.

 

Topology Selection

HomeSkillet currently supports both L3 routing and virtual wire (vwire) options.

 

L3 Routing

  • 2x interfaces and 2x zones, one each for internal and internet
  • virtual routing configuration
  • NAT
  • DHCP local server

 

Virtual Wire

  • 2x interfaces and 2x zones, one each for internal and internet
  • virtual wire between the 2 interfaces

Optional Add-Ons

DHCP UserID [L3 mode only]

Sends local DHCP log events to the management interface and uses DHCP host information to create a User-ID entry.

Does not support hosts with statically assigned IP addresses.

 

Prerequisites

The following should be completed before running HomeSkillet:

 

  • IronSkillet imported and checked out at the corresponding release branch
  • firewall licenses activated, including all threat, URL, and WildFire subscriptions
  • firewall updated to the latest or recommended software release
  • if using Panhandler: updated to the latest 3.0 release
  • DHCP-based public ethernet interface for L3 mode


Additional details specific to each loading stage, variables, and release updates are found at https://homeskillet.readthedocs.io/en/panos_v9.0/