HomeSkillet is a starter internet gateway configuration that builds on a modified version of IronSkillet for use in home networks. It includes interface, zone, NAT, and security policy configuration.

  Brief Description This quickplay solution includes a set of scripts and skillets to quickly query the NGFW to determine inbound open policy ports/applications, domain categories, and URL categories.   Below is a quick summary of each of the scripts.      Prerequisites Playing this solution requires: panhandler 4.3 or later to play skillets API access to the NGFW   Solution Details Documentation:  https://github.com/PaloAltoNetworks/panos-query-scripts/blob/main/README.md Github Location: https://github.com/PaloAltoNetworks/panos-query-scripts.git Github Branches:  main Product Versions Supported: DNS domain category query: PAN-OS 10.0 and later URL category query: PAN-OS 9.0 and later Inbound policy query: PAN-OS 9.0 and later   Full Description The quickplay scripts and skillets use the NGFW API to gain insights about inbound policy configuration and cloud service category mappings.   Get the DNS Domain or URL Category PAN-OS includes the capability to use CLI commands and the web UI to leverage the NGFW as a proxy into the cloud service layer to get category mappings for URLs and DNS domains. The CLI commands include:   test dns-proxy dns-signature fqdn {domain-to-test} test url {url-to-test}   The quickplay solution utilizes these commands through the API to read a list of domains or URLs to determine their category and output the results to screen and as a csv file for additional data analysis.   Open Port Query Provides a quick configuration analysis using the API to find security policies with destination of 'any' and a user input zone. The output shows the security policy name and associated services/ports and applications.   This provides quick insights regarding the NGFW attack surface where traffic is allowed from high risk zones such as the internet.          

This solution is a tool that allows you to enable additional threat logging on multiple firewalls directly or through Panorama :   Enable the firewall to generate Threat logs for a teardrop attack and a DoS attack using ping of death Generate Threat logs for the types of packets listed above if you enable the corresponding packet-based attack protection 

This quickplay solution provides a rapid API-based CIS benchmark assessment of the Palo Alto Networks NGFW

The Local Government skillets are intended for local government NGFW configurations including pre-build region based blocking and compliance tags.