03-27-2020 10:59 AM - edited 10-25-2021 05:39 PM
This skillet is intended for Palo Alto Networks SEs, PSEs, Partners, and Customers that are using Prisma Access and looking for simplified Panorama deployment and configuration.
Documentation: https://github.com/PaloAltoNetworks/prisma-access-skillets/blob/master/README.md
GitHub Location: https://github.com/PaloAltoNetworks/prisma-access-skillets.git
GitHub Branches: master
Panorama Versions Supported: 9.0.x running cloud services plugin version 1.5 (9.1 not currently supported)
Type of Skillet: panorama, python, terraform, docker
Collections:
The description below gives an overview of the skillet elements. For detailed information regarding prerequisites and skillet usage, please review the Prisma Access Skillet documentation.
Playing the skillets currently requires panHandler.
The first step in the skillet will access the user's Azure or AWS account and deploy a virtual instance of Panorama using Terraform templates. This is a simplified alternative to using the Azure Resource Manager UI or AWS UI for Panorama deployment.
After Panorama is online and the IP address is accessible, the Step 2 skillet will:
For users who are not using the Step 1 deploy skillets and instead deploy their own Panorama, the Step 3 skillet can also be used to help automate the steps listed above to ensure Panorama deployment is complete.
The last deploy piece is to use the Customer Support Portal to generate a One Time Password that is used in Panorama to verify the cloud service.
Initial configuration of the infrastructure subnet and BGP AS
After verification is complete, Panorama is ready for configuration. For mobile users, this requires the initial service setup and the mobile user configuration.
There are 2 configuration options depending on access to the Panorama API: API and non-API.
This series of skillets leverages the Panorama API to generate a configuration file, import it to Panorama, and use 'load config partial' commands to merge the configuration elements into the candidate configuration.
For remote support or users without access to the Panorama API, this option will generate a full configuration file that can be manually imported to Panorama. Once the file is imported, the documentation includes a small set of 'load config partial' commands that can be pasted into the CLI to do the configuration.
Initial Remote Network setup and onboarding configuration using the Panorama API. Includes IKE/IPSEC Crypto profiles, IKE gateway, IPSEC tunnel, and plug-in onboarding configuration.
The assess skillet provides a simple interface to query Prisma Access and obtain service information. Details for the REST queries can be found in the Admin Guide.