Prisma Access Skillets

Brief Description

A suite of deployment, configuration, and service information skillets for Prisma Access mobile users including:

 

  • Panorama instantiation in Azure or AWS
  • Panorama licensing, content updates, software updates, and basic configuration
  • Prisma Access service setup, mobile user, and remote network configuration/onboarding
  • Prisma Access API queries to view service information

 

Target Audience

This skillet is intended for Palo Alto Networks SEs, PSEs, Partners, and Customers that are using Prisma Access and looking for simplified Panorama deployment and configuration.

 

Skillet Details

Documentation: https://github.com/PaloAltoNetworks/prisma-access-skillets/blob/master/README.md

GitHub Location: https://github.com/PaloAltoNetworks/prisma-access-skillets.git

GitHub Branches: master

Panorama Versions Supported: 9.0.x running cloud services plugin version 1.5 (9.1 not currently supported)

Type of Skillet: panorama, python, terraform, docker

Collections:

  • Prisma Access Deploy Panorama
  • Prisma Access Configure Service Setup
  • Prisma Access Configure Mobile Users
  • Prisma Access Configure Remote Networks
  • Prisma Access Assess Tools

 

Full Description

The description below gives an overview of the skillet elements. For detailed information regarding prerequisites and skillet usage please review the Prisma Access Skillet documentation.

 

Playing the skillets currently requires panHandler.

 

Deploy

The first step in the skillet will access the user's Azure or AWS account and deploy a virtual instance of Panorama using Terraform templates. This is a simplified alternative to using the Azure Resource Manager UI or AWS UI for Panorama deployment.

 

After Panorama is online and the IP address is accessible, the Step 2 skillet will:

  • apply the serial number and license Panorama
  • perform a software update
  • install content updates
  • install the Prisma Access cloud services plugin

 

For users that are not using the Step 1 deploy skillets and deploy their own Panorama, the Step 3 skillet can also be used to help automate the steps listed above to ensure Panorama deployment is complete.

 

The last deploy piece is to use the Customer Support Portal to generate a One Time Password that is used in Panorama to verify the cloud service.

 

Configure

 

Service Setup Collection

Initial configuration of the infrastructure subnet and BGP AS.

 

Mobile User Collection

 

After verification is complete, Panorama is ready for configuration. For mobile users, this requires the initial service setup and the mobile user configuration.

 

There are 2 configuration options depending on access to the Panorama API: API and non-API.

 

API Option

This series of skillets leverages the Panorama API to generate a configuration file, import it to Panorama, and use 'load config partial' commands to merge the configuration elements into the candidate configuration.

 

Non-API Option

For remote support or users without access to the Panorama API, this option will generate a full configuration file that can be manually imported to Panorama. For use once the file is imported, the documentation includes a small set of 'load config partial' commands that can be pasted into the CLI to do the configuration.

 

Remote Network Collection

Initial Remote Network setup and onboarding configuration using the Panorama API. Includes IKE/IPSEC Crypto profiles, IKE gateway, IPSEC tunnel, and plug-in onboarding configuration.

 

Assess

The assess skillet provides a simple interface to query Prisma Access and obtain service information. Details for the REST queries can be found in the Admin Guide.

 

 
