Quickplay Solutions Articles
Featured Article
Brief Description
This quickplay solution includes a set of scripts and skillets to quickly query the NGFW to determine inbound open policy ports/applications, domain categories, and URL categories. Below is a quick summary of each of the scripts.

Prerequisites
Playing this solution requires:
- panhandler 4.3 or later to play skillets
- API access to the NGFW

Solution Details
Documentation: https://github.com/PaloAltoNetworks/panos-query-scripts/blob/main/README.md
Github Location: https://github.com/PaloAltoNetworks/panos-query-scripts.git
Github Branches: main
Product Versions Supported:
- DNS domain category query: PAN-OS 10.0 and later
- URL category query: PAN-OS 9.0 and later
- Inbound policy query: PAN-OS 9.0 and later

Full Description
The quickplay scripts and skillets use the NGFW API to gain insights about inbound policy configuration and cloud service category mappings.

Get the DNS Domain or URL Category
PAN-OS includes the capability to use CLI commands and the web UI to leverage the NGFW as a proxy into the cloud service layer to get category mappings for URLs and DNS domains. The CLI commands include:

test dns-proxy dns-signature fqdn {domain-to-test}
test url {url-to-test}

The quickplay solution utilizes these commands through the API to read a list of domains or URLs to determine their category and output the results to screen and as a csv file for additional data analysis.

Open Port Query
Provides a quick configuration analysis using the API to find security policies with destination of 'any' and a user input zone. The output shows the security policy name and associated services/ports and applications.

This provides quick insights regarding the NGFW attack surface where traffic is allowed from high risk zones such as the internet.
Brief Description
Simplify and validate the firewall configuration for the Cortex IoT security service. The skillets also include the Cortex Data Lake skillets due to Data Lake and IoT service integration. Below is a quick summary of the solution, a how-to guide for setting up the solution, and an explanation of the solution workflow menu options.

Target Audience
PAN-OS Cortex IoT validations and configuration to ensure NGFW readiness. Also an IoT traffic generator for Linux endpoints.

Prerequisites
- Active Cortex Data Lake license
- Preshared key for on-boarding firewalls to Cortex Data Lake
- panHandler version 4.0 or later
- import of panos-logging-skillets
- Linux hosts (tested with Ubuntu 18.04)

Skillet Details
Documentation: https://github.com/PaloAltoNetworks/iot-automated-solution/blob/master/README.md
Github Location: https://github.com/PaloAltoNetworks/iot-automated-solution.git
Github Branches: master
PAN-OS Versions Supported: 9.x, 10.0
Type of Skillet: panos
Collections: CDL IoT

Full Description
The suite of skillets is designed to assist with and validate the Cortex Data Lake install and then implement required configuration elements for DHCP and traffic logging specific to the IoT security service.

IoT configuration assist is based on the Get Started with IoT Security documentation.

Workflow
Various selection options based on software version and deployment type for IoT. The workflow steps through the skillets required by the user.

Validation
The validation skillet checks required elements for a successful Cortex Data Lake (CDL) and Cortex IoT install. Key items include firewall licensing, global CDL configuration, fetch CDL certificates, and CDL/EAL enablement in log forwarding profiles.

Cortex Data Lake Playbook
Cortex Data Lake inline validation checks and configuration using an Ansible playbook.

Cortex Data Lake Optional Configurations
CDL specific configurations needed for select IoT deployments including:
- update of existing log forwarding profiles with EAL/CDL enabled
- add a log forwarding profile that is EAL/CDL ready
- update security policies to include a selected log forwarding profile

IoT Configuration Elements
Based on the deployment scenario and software version, the firewall configuration may require additions or modifications:
- 10.0 firewall DHCP server: enable DHCP broadcast session
- Virtual Wire deployments: enable multicast firewalling
- Tap mode configuration with alert-all security profiles and policy
- Pre-10.0 local DHCP: convert to a logical interface DHCP server + enable DHCP relay
- Add a security policy specific to the DHCP application for traffic visibility

IoT Traffic Generator
Python script running on a Linux host to emulate multiple IoT endpoints and mqtt traffic sessions. Requires an IoT broker host (e.g. mosquitto) to receive and respond to mqtt session requests.

The key element of the generator is emulating DHCP sessions that create log events in the firewall, which are then passed to Cortex Data Lake and Cortex IoT.

HomeSkillet POC Add-on Configurations
Using HomeSkillet as a quick-install base configuration, provide additional configuration elements for the IoT broker interface, zones, and security policy.
This solution is a tool that allows you to enable additional threat logging on multiple firewalls directly or through Panorama:
- Enable the firewall to generate Threat logs for a teardrop attack and a DoS attack using ping of death
- Generate Threat logs for the types of packets listed above if you enable the corresponding packet-based attack protection
This quickplay solution provides an Ansible playbook to license a VM-series NGFW using an activated authcode, provide content updates, and upgrade or downgrade to a user-inputted PAN-OS software version
Set of simple skillets that can be used to perform simple tasks or as a starting point to learn about skillets. Includes changing the NGFW hostname and instantiating an Ubuntu server or VM-Series in AWS.
This quickplay solution provides a rapid API-based CIS benchmark assessment of the Palo Alto Networks NGFW
The Local Government skillets are intended for local government NGFW configurations including pre-built region-based blocking and compliance tags.
IronSkillet is a day one deployment-agnostic NGFW and Panorama configuration. It is used as an initial baseline including device hardening and security profiles to be used by use-case specific configuration and security policies.
A set of skillets, set commands, and playbooks to simplify implementation and validation of Cortex Data Lake for the NGFW.
A set of GlobalProtect API and set command configuration skillets based on the Quick Config Guides
This skillet will collect information from an NGFW and then post that information to the SLR API.
The K-12 Skillet is intended to help enable a safe and secure internet experience. The features and options are meant to help easily enable Safe Search features across the institution without having to manually configure and audit devices.  
This skillet will take input variables and configure an IPSec Tunnel and IKE Gateway.
HomeSkillet is a starter internet gateway configuration that builds on a modified version of IronSkillet for use in home networks. It includes interface, zone, NAT, and security policy configuration.
This skillet will configure a BGP peer. It needs to be combined with a redistribution profile in order to advertise routes to the peer. This configuration assumes all of the default timers and values for BGP.
GcpHttpLbAppID skillet to create the Palo Alto Networks App-ID for the Azure Application Gateway Health Probe.
This Skillet provides information about a pre-provisioned NGFW DNS proxy configuration. Find more details and options to commit and backup successfully. 
Monitoring HTTP status codes assists customers in locking down HTTP responses to prevent fingerprinting and helps create more effective App-ID signatures. These configured Threat Prevention custom signatures will log HTTP response status codes.