ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.
As PAN-OS continues to grow its feature capabilities we also strive to extend our automated solution sets. This current release of content not only updates IronSkillet to include new 10.0 features but also adds in new security services such as Cortex Data Lake, IoT Security, and SD-WAN. The goal is to replace time consuming documentation research and UI clicks with tested, ready to use configurations and validation assessments.
This is the fifth release of our IronSkillet day one configuration. In this release we've included inline ML coverage for Wildfire/AntiVirus and URL-Filtering profiles, DNS security category verdict actions, and moving Wildfire dynamic updates from every minute to real-time. The goal is to continue evolving IronSkillet in unison with the NGFW product for a consistent and current day one configuration.
A complete list of IronSkillet 10.0 changes can be found in the IronSkillet Release History
Additional IronSkillet information can be found in the IronSkillet community article.
The CDL solution set includes playbooks, skillets, and set commands to simplify both the onboarding of the NGFW to CDL and 'brownfield' updates to existing log forwarding profiles to include both CDL and Enhanced Application Logging (EAL).
The Ansible playbook, run natively or as a skillet, completes a series of tasks including CDL onboarding, licensing checks, validations, and global configuration of CDL in the firewall. All this is required is the onboarding pre-shared key (PSK) created in the Cortex Data Lake application. As an alternative for non-API users we've included a similar collection of operational and configuration set commands used with the firewall CLI.
After onboarding is complete or for existing installations we include helper skillets to add CDL/EAL to existing log forwarding profiles and do a firewall assessment using a validation skillet. The assessment checks CDL and EAL licensing and configuration elements to ensure a successful deployment.
Additional Cortex Data Lake skillet information can be found in the PAN-OS Cortex Data Lake skillets community article.
The IoT security solution builds on the Cortex Data Lake logging solution to further configure and validate the firewall specific to select IoT deployment models. Configuration elements are based on the IoT Security Onboarding guide. Helper configurations support DHCP configuration, pre-10.0 DHCP server to relay conversion, adding log forwarding profiles for CDL/EAL, and updating existing security policies with log forwarding.
For existing deployments and troubleshooting assistance, a validation skillet can be used to assess the current configuration and operational state showing missing elements required for a successful deployment.
Lastly, this solution includes a traffic generation script for demo/POC environments to generate IoT DHCP and session traffic. This traffic is captured by the firewall and forwarded to CDL and the Cortex IoT platform for analysis and visibility.
Additional IoT Security skillet information can be found in the IoT Automated Solution community article.
To alleviate the complexities of Panorama configuration for SD-WAN, a set of skillets are used for device onboarding and hub/branch template and device-group site configurations. The combination of skillets that include Panorama variables, allows for custom creation of device sites and site-specific interface types.
This skillet is currently released for PAN-OS 9.1.
Additional PAN-OS SD-WAN skillet information can be found in the SD-WAN skillets community article.
We're excited to release these new skillet solution updates to the community.
If you have ideas for automated solutions drop us a note in our Skillet Suggestion board. We're also looking to see where we can help the community simplify deployments, configuration, and assessment of the NGFW.