01-27-2020 01:41 PM
First there was IronSkillet
The skillet story starts with IronSkillet. The goal was to answer a simple question: how can a new NGFW user get to a recommended day one configuration without hours to days of reading through configuration guides while stepping through 1000's of GUI clicks?
The answer required two sets of expertise: (1) security subject matter experts to define a best practice configuration and (2) automation experts to help define how to make the configuration consumable across a broad set of applications. The former expertise was provided with a mix of inputs from Pro Services, the Best Practice Assessment team, Consulting Engineers, Technical Marketing Engineers, and Support engineers. The latter expertise, and the genesis of the skillet concept, was based on a design model from automation experts.
IronSkillet (aka 'a hardened PAN') provides a structured model for an xml-based configuration template including the ability to allow for user input variables and simple logic based on configuration options such as a DHCP or statically addressed interfaces. This configuration file is packaged with associated metadata so it can be shared and played back with any supporting application.
Skillets and Records
Played back...like a record? Yep. This lead to the concept that the skillet is like a record and the supporting applications the record players. And borrowing from the IronSkillet name we now have these record-like skillets.
Now that there is a structured way to capture and share configuration information, our records, the skillet story extended beyond IronSkillet to any configuration use case. Whether the need for highly repeatable configurations such as MSSP or branch deployments or Just-in-Time needs like demos, training, or quick deployments the same model can be used. Now instead of the IronSkillet security-centric team any SME can readily share their experiences.
Moving Beyond NGFW and Panorama Configuration
With the metadata model used, skillets could extend beyond the playback of xml configuration files. The second generation of skillets now included:
More than Configuration and Instantiation: Validation
The current generation of skillets also allow for the analysis of configuration information as validation skillets. This skillet has a set of test rules to look for specific configuration elements, licensing information, and content update status. This creates a more dynamic environment to better understand the device state.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!