Brief Description
A suite of deployment, configuration, and service information skillets for Prisma Access mobile users including:
Panorama instantiation in Azure or AWS
Panorama licensing, content updates, software updates, and basic configuration
Prisma Access service setup, mobile user, and remote network configuration/onboarding
Prisma Access API queries to view service information
Target Audience
This skillet is intended for Palo Alto Networks SEs, PSEs, Partners, and Customers that are using Prisma Access and looking for simplified Panorama deployment and configuration.
Skillet Details
Documentation: https://github.com/PaloAltoNetworks/prisma-access-skillets/blob/master/README.md
GitHub Location: https://github.com/PaloAltoNetworks/prisma-access-skillets.git
GitHub Branches: master
Panorama Versions Supported: 9.0.x running cloud services plugin version 1.5 (9.1 not currently supported)
Type of Skillet: panorama, python, terraform, docker
Collections:
Prisma Access Deploy Panorama
Prisma Access Configure Service Setup
Prisma Access Configure Mobile Users
Prisma Access Configure Remote Networks
Prisma Access Assess Tools
Full Description
The description below gives an overview of the skillet elements. For detailed information regarding prerequisites and skillet usage, please review the Prisma Access Skillet documentation.
Playing the skillets currently requires panHandler.
Deploy
The first step in the skillet will access the user's Azure or AWS account and deploy a virtual instance of Panorama using Terraform templates. This is a simplified alternative to using the Azure Resource Manager UI or AWS UI for Panorama deployment.
After Panorama is online and the IP address is accessible, the Step 2 skillet will:
apply the serial number and license Panorama
perform a software update
install content updates
install the Prisma Access cloud services plugin
For users who deploy their own Panorama instead of using the Step 1 deploy skillets, the Step 3 skillet can also be used to help automate the steps listed above and ensure Panorama deployment is complete.
The last deploy piece is to use the Customer Support Portal to generate a One Time Password that is used in Panorama to verify the cloud service.
Configure
Service Setup Collection
Initial configuration of the infrastructure subnet and BGP AS
Mobile User Collection
After verification is complete, Panorama is ready for configuration. For mobile users, this requires the initial service setup and the mobile user configuration.
There are 2 configuration options depending on access to the Panorama API: API and non-API.
API Option
This series of skillets leverages the Panorama API to generate a configuration file, import it to Panorama, and use 'load config partial' commands to merge the configuration elements into the candidate configuration.
Non-API Option
For remote support or users without access to the Panorama API, this option will generate a full configuration file that can be manually imported to Panorama. Once the file is imported, the documentation includes a small set of 'load config partial' commands that can be pasted into the CLI to perform the configuration.
Remote Network Collection
Initial Remote Network setup and onboarding configuration using the Panorama API. Includes IKE/IPSEC Crypto profiles, IKE gateway, IPSEC tunnel, and plug-in onboarding configuration.
Assess
The assess skillet provides a simple interface to query Prisma Access and obtain service information. Details for the REST queries can be found in the Admin Guide.