Panorama Versions Supported:9.0.x running cloud services plugin version 1.5 (9.1 not currently supported)
Type of Skillet:panorama, python, terraform, docker
Prisma Access Deploy Panorama
Prisma Access Configure Service Setup
Prisma Access Configure Mobile Users
Prisma Access Configure Remote Networks
Prisma Access Assess Tools
The description below gives an overview of the skillet elements. For detailed information regarding prerequisites and skillet usage please review the Prisma Access Skillet documentation.
Playing the skillets currently requires panHandler.
The first step in the skillet will access the user's Azure or AWS account and deploy a virtual instance of Panorama using Terraform templates. This is a simplified alternative to using the Azure Resource Manager UI or AWS UI for Panorama deployment.
After Panorama is online and the IP address is accessible, the Step 2 skillet will:
apply the serial number and license Panorama
perform a software update
install content updates
install the Prisma Access cloud services plugin
For users that are not using the Step 1 deploy skillets and deploy their own Panorama, the Step 3 skillet can also be used to help automate the steps listed above to ensure Panorama deployment is complete.
The last deploy piece is to use the Customer Support Portal to generate a One Time Password that is used in Panorama to verify the cloud service.
Service Setup Collection
Initial configuration of the infrastructure subnet and BGP AS
Mobile User Collection
After verification is complete, Panorama is ready for configuration. For mobile users, this requires the initial service setup and the mobile user configuration.
There are 2 configuration options depending on access to the Panorama API: API and non-API.
This series of skillets leverage the Panorama API generate a configuration file, import to Panorama, and use 'load config partial' commands to merge the configuration elements into the candidate configuration.
For remote support or users without access to the Panorama API, this option will generate a full configuration file that can be manually imported to Panorama. Once imported the documentation includes a small set of load config partial commands that can be pasted into the CLI to do the configuration.
Remote Network Collection
Initial Remote Network setup and onboarding configuration using the Panorama API. Includes IKE/IPSEC Crypto profiles, IKE gateway, IPSEC tunnel, and plug-in onboarding configuration.
The assess skillet provides a simple interface to query Prisma Access and obtain service information. Details for the REST queries can be found in the Admin Guide