on 03-29-2019 04:21 AM - edited on 05-26-2020 03:13 PM by Retired Member
As you already know, Expedition was conceived to reduce the time and efforts a security admin needs to improve and optimize their Palo Alto Networks configurations. Following that effort, we have added, within Expedition, support not only to run a BPA analysis if not also be able to remediate some of the failed checks (all related to Device Config) and now integration with the project IronSkillet.
https://github.com/PaloAltoNetworks/iron-skillet
IronSkillet is basically a template that provides several best practices to minize the time to deploy a Day 1 Configuration in your Palo Alto Networks devices.
With this article, we show you how to create a new Base Configuration file plus remediate some of the checks failed at the time to run the BPA and export that configuration to your device. With this example, you will get a config that is 67% following the BPA recomendations.
Followed steps in pages 8 and 9 of the attachment, however, the errors/warning do not remediate. Using version 1.1.12 and BP:3.6.3
All internal checks are green and jobs and tast manager is Green, with 0 pending.
Why is this failing and what does remediate exactly do? Which logs can be reviewed to understand why remediate is not working?
Thanks.
Ho
