on 09-11-2020 11:32 AM - edited on 07-08-2021 07:58 PM by icharkashy
PAN-OS Cortex IoT validations and configuration to ensure NGFW readiness. Also an IoT traffic generator for Linux endpoints.
Github Location: https://github.com/PaloAltoNetworks/iot-automated-solution.git
Github Branches: master
PAN-OS Versions Supported: 9.x, 10.0
Type of Skillet: panos
The suite of skillets are design to assist with and validate the Cortex Data Lake install and then implement required configuration elements for DHCP and traffic logging specific to the IoT security service.
IoT configuration assist is based on the Get Started with IoT Security documentation.
Various selection options based on software version and deployment type for IoT. The workflow steps through the needed skillets required by the user.
The validation skillet checks required elements for a successful Cortex Data Lake (CDL) and Cortex IoT install. Key items include firewall licensing, global CDL configuration, fetch CDL certificates, and CDL/EAL enablement in log forwarding profiles.
Cortex Data Lake inline validation checks and configuration using an Ansible playbook.
CDL specific configurations needed for select IoT deployments including:
Based on the deployment scenario and software version, the firewall configuration may required additions or modifications:
Python script running on a Linux host to emulate multiple IoT endoints and mqtt traffic sessions. Requires an IoT broker host (eg. mosquitto) to receive and respond to mqtt session requests.
The key element of the generator is emulating DHCP sessions that create log events in the firewall and passed to Cortex Data Lake and Cortex IoT.
HomeSkillet POC Add-on Configurations
Using HomeSkillet as a quick-install base configuration, provide additional configuration elements for the IoT broker interface, zones, and security policy.