03-27-2020 10:58 AM - edited 03-09-2021 05:23 AM
This skillet is intended for Palo Alto Networks SEs, PSEs, Partners, and Customers that are using GlobalProtect and need a quick start configuration helper
Github Location: https://github.com/PaloAltoNetworks/GPSkillets.git
Github Branches: panos_v90
PAN-OS Versions Supported: 9.x
Type of Skillet: panos, template (set commands)
This skillet set is based on the GlobalProtect Quick Config guides and covers two common configuration options:
Configures GlobalProtect elements including the gateway and portal. Also included is a reference LDAP auth profile and a local DB reference user.
Adds pre-logon to the remote access VPN. Pre-logon is a connect method that establishes a VPN tunnel before a user logs in. The purpose of pre-logon is to authenticate the endpoint (not the user) and enable domain scripts or other tasks to run as soon as the endpoint powers on. Machine certificates enable the endpoint to establish a VPN tunnel to the GlobalProtect gateway. A common practice for IT administrators is to install the machine certificate while staging the endpoint for the user.
These configs create security rules that do not contain any sort of security profile or logging configuration. Please utilize the best practice security profiles from the iron-skillet repository on the rules that get created and read the Best Practices documentation before deploying.