Fair question! My org has been spending an awful lot of time chasing SOC 2 compliance, CIS benchmarks, now NIST. It's tedious work and I suspect it will never end. Being a career "network guy," one thing that has always been a challenge is building an environment that can be easily audited. So, the reason we're moving forward with Ansible to automate some of our Palo stuff is because then our config is in code... we have commit histories, change control, etc. It will be very handy to say "this is our baseline security config - here's our code - here's our proof we comply," etc.

So, to the question "Do you plan to use Ansible instead of Panorama to create firewall rules? Any special reason?" I think that's the direction we're headed... only because Panorama is slow, lots of point & click, fairly cumbersome. Don't get me wrong... Panorama does a lot of good stuff... but it's also cumbersome, and still hand-built and manual. Since I'm still pretty new to this, I'd love to hear your thoughts on what other low-hanging fruit you think is better to pursue first.