on 01-28-2020 12:51 PM - edited on 06-21-2021 03:18 PM by abarone
The K-12 Skillet is intended to help enable a safe and secure internet experience. The solution hardens a network by building off of the IronSkillet configuration and by enabling Safe Search features across the institution without having to manually configure and audit devices.
K-12 users or other entities that want to implement Safe Search features.
Documentation: https://github.com/PaloAltoNetworks/K12Skillet/blob/master/README.md
GitHub Location: https://github.com/PaloAltoNetworks/K12Skillet
GitHub Branches: master
PAN-OS Supported: 10.0, 10.1
Type of Skillet: workflow, panos/xml, docker, python3
Collections: Education
Purpose: Enable a safe and secure internet experience for K-12 users
The K-12 Skillet utilizes Git submodules in order to pull external skillets into this repository for its use. This K-12 solution chains together skillets from the IronSkillet Components, SLED Components, PAN-OS Upgrade/Downgrade, and PAN-OS Config Elements repositories into one chain of execution. Since the submodules specifically point to a commit in the external repository's history, the K-12 solution can stay up-to-date by simply updating the commit references.
This Quickplay solution is meant to be run as a workflow skillet, which groups together multiple skillets. The four sub-skillets that run are as follows:
The baseline python3 skillet (from the PAN-OS Config Elements repo) loads an empty, 'out-of-the-box' baseline configuration to the firewall while saving existing admin credentials and management interface configurations.
The content update docker skillet (from the PAN-OS Upgrade/Downgrade repo) runs an Ansible playbook that downloads and installs the latest content/threat and anti-virus updates to ensure the firewall is fully armed with the latest signatures.
The IronSkillet panos playlist skillet, which includes snippets from the IronSkillet Components repo, configures an initial baseline for the firewall, including device hardening and security profiles to be used by use-case specific configuration and security policies. For more information about IronSkillet, see the documentation.
NOTE: You must have IronSkillet configured on your NGFW before loading the K-12 solution since many K-12 configuration elements depend on IronSkillet elements.
The K-12 panos skillet configures the following elements:
Additional Safe Search information can be found at: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/url-filtering/safe-search-enforcement.html
The following should be completed before running the K-12 Solution Workflow:
Hi,
Ive tried importing this skillet to PAN Handler and get the below error. Other skillets import successfully. Do you have any ideas on what the issue may be?
Could not Import Repository: Cmd('git') failed due to: exit code(1) cmdline: git submodule update --init stderr: 'Submodule 'submodules/SLED-components' (https://github.com/annabarone/SLED-components.git) registered for path 'submodules/SLED-components' Submodule 'submodules/ironskillet-components' (https://github.com/PaloAltoNetworks/ironskillet-components.git) registered for path 'submodules/ironskillet-components' Submodule 'submodules/panos-ansible-upgrade-downgrade' (https://gitlab.com/panw-gse/tech-library/deploy/panos-ansible-upgrade-downgrade.git) registered for path 'submodules/panos-ansible-upgrade-downgrade' Submodule 'submodules/panos-config-elements' (https://gitlab.com/panw-gse/tech-library/configure/panos-config-elements.git) registered for path 'submodules/panos-config-elements' Cloning into '/home/cnc_user/.pan_cnc/panhandler/repositories/K12 Skillet/submodules/SLED-components'... Cloning into '/home/cnc_user/.pan_cnc/panhandler/repositories/K12 Skillet/submodules/panos-ansible-upgrade-downgrade'... remote: HTTP Basic: Access denied fatal: Authentication failed for 'https://gitlab.com/panw-gse/tech-library/deploy/panos-ansible-upgrade-downgrade.git/' fatal: clone of 'https://gitlab.com/panw-gse/tech-library/deploy/panos-ansible-upgrade-downgrade.git' into submodule path '/home/cnc_user/.pan_cnc/panhandler/repositories/K12 Skillet/submodules/panos-ansible-upgrade-downgrade' failed Failed to clone 'submodules/panos-ansible-upgrade-downgrade'. Retry scheduled Cloning into '/home/cnc_user/.pan_cnc/panhandler/repositories/K12 Skillet/submodules/ironskillet-components'... Cloning into '/home/cnc_user/.pan_cnc/panhandler/repositories/K12 Skillet/submodules/panos-config-elements'... remote: HTTP Basic: Access denied fatal: Authentication failed for 'https://gitlab.com/panw-gse/tech-library/configure/panos-config-elements.git/' fatal: clone of 'https://gitlab.com/panw-gse/tech-library/configure/panos-config-elements.git' into submodule path '/home/cnc_user/.pan_cnc/panhandler/repositories/K12 Skillet/submodules/panos-config-elements' failed Failed to clone 'submodules/panos-config-elements'. Retry scheduled Cloning into '/home/cnc_user/.pan_cnc/panhandler/repositories/K12 Skillet/submodules/panos-ansible-upgrade-downgrade'... remote: HTTP Basic: Access denied fatal: Authentication failed for 'https://gitlab.com/panw-gse/tech-library/deploy/panos-ansible-upgrade-downgrade.git/' fatal: clone of 'https://gitlab.com/panw-gse/tech-library/deploy/panos-ansible-upgrade-downgrade.git' into submodule path '/home/cnc_user/.pan_cnc/panhandler/repositories/K12 Skillet/submodules/panos-ansible-upgrade-downgrade' failed Failed to clone 'submodules/panos-ansible-upgrade-downgrade' a second time, aborting Cloning into '/home/cnc_user/.pan_cnc/panhandler/repositories/K12 Skillet/submodules/panos-config-elements'... remote: HTTP Basic: Access denied fatal: Authentication failed for 'https://gitlab.com/panw-gse/tech-library/configure/panos-config-elements.git/' fatal: clone of 'https://gitlab.com/panw-gse/tech-library/configure/panos-config-elements.git' into submodule path '/home/cnc_user/.pan_cnc/panhandler/repositories/K12 Skillet/submodules/panos-config-elements' failed Failed to clone 'submodules/panos-config-elements' a second time, aborting'
Thank you for bringing this to our attention. The errors you experienced were due to our team's movement of all public content from GitLab to GitHub. We've updated the skillet to reflect this and is ready to import now. You may need to remove the repository from your PanHandler first before you can successfully import the updated repository.