IronSkillet Day One Configuration

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.
Last Reviewed: 09-15-2023 01:06 AM
Audited By: kiwi
L4 Transporter
67% helpful (2/3)




Brief Description

IronSkillet is a day one deployment-agnostic NGFW and Panorama configuration. It is used as an initial baseline including device hardening and security profiles to be used by use-case specific configuration and security policies.


Target Audience

Users who want to an immediate day one configuration to build from without extensive research and GUI clicks.


Skillet Details


Github Location

Github Branches: panos_v11.0, panos_v10.2, panos_v10.1

PAN-OS Supported: 11.0, 10.2, 10.1 for the NGFW and Panorama

Type of Skillet: panos (xml/set) and panorama (xml/set)

Collections: IronSkillet, Config, Validations

Purpose: starting point for new NGFW or Panorama deployment


Detailed Description

IronSkillet includes a broad set of configuration elements that land in various areas of the configuration as show in the menu items below.


IronSkillet MenuIronSkillet Menu

For a detailed walkthrough of the GUI elements used in IronSkillet, use the visual guide:


Skillet focus can broken into a few core areas:

  • Device management hardening: general operations of the NGFW

  • Security traffic hardening: control of traffic flows that impacts device monitoring

  • Logging and alerts: data collection and external notifications

  • Security objects and policies: policy-related config settings and dynamic updates

  • Decryption objects and policies: certification checks and sample no-decrypt policy


The repo contains the following skillets and other configuration elements:


  • NGFW and Panorama full configuration file as a template and folder with default-based loadable configs

  • NGFW and Panorama xml snippets

  • NGFW and Panorama set command skillets including a spreadsheet version that is tool agnostic

  • NGFW validation skillet mapped to the Visual Guide to compare current configurations to IronSkillet recommendations

  • NGFW validation skillet showing new items added between 8.1 and 9.x to look for gaps during sw upgrades

  • IronSkillet 10.1 release also includes a new playlist model allowing users to select which IronSkillet components they wish to load or include in other solutions


Detailed information specific to using each skillet type is included in the documentation.



The following should be completed before running IronSkillet:

  • firewall licenses activated including all threat, URL, and Wildfire subscriptions

  • updated with the latest or recommended software release

  • if using PanHandler: updated to 3.0 latest release


Additional details specific to each loading stage, variables, and release updates are found at


Loading IronSkillet

Various tools and apps have been updated to work with IronSkillet including:


Rate this article:
Register or Sign-in
Article Dashboard
Version history
Last Updated:
‎12-27-2022 11:26 AM
Updated by: