Skip to content

Latest commit

 

History

History
 
 

panos_HomeSkillet_step1_base

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
.meta-cnc.yaml
.meta-cnc.yaml
 
 
README.md
README.md
 
 
address.xml
address.xml
 
 
device_setting.xml
device_setting.xml
 
 
device_system.xml
device_system.xml
 
 
device_system_dns.xml
device_system_dns.xml
 
 
device_system_mgmt_ip.xml
device_system_mgmt_ip.xml
 
 
email_scheduler_simple.xml
email_scheduler_simple.xml
 
 
hs_device_setting_allow_httprange.xml
hs_device_setting_allow_httprange.xml
 
 
hs_rulebase_decryption_disable.xml
hs_rulebase_decryption_disable.xml
 
 
log_settings_profiles.xml
log_settings_profiles.xml
 
 
log_settings_profiles_email.xml
log_settings_profiles_email.xml
 
 
mgt_config_users.xml
mgt_config_users.xml
 
 
password_complexity.xml
password_complexity.xml
 
 
profile_group.xml
profile_group.xml
 
 
profiles_custom_url_category.xml
profiles_custom_url_category.xml
 
 
profiles_decryption.xml
profiles_decryption.xml
 
 
profiles_file_blocking.xml
profiles_file_blocking.xml
 
 
profiles_spyware.xml
profiles_spyware.xml
 
 
profiles_url_filtering.xml
profiles_url_filtering.xml
 
 
profiles_virus.xml
profiles_virus.xml
 
 
profiles_vulnerability.xml
profiles_vulnerability.xml
 
 
profiles_wildfire_analysis.xml
profiles_wildfire_analysis.xml
 
 
report_group_simple.xml
report_group_simple.xml
 
 
reports_simple.xml
reports_simple.xml
 
 
rulebase_decryption.xml
rulebase_decryption.xml
 
 
rulebase_default_security_rules.xml
rulebase_default_security_rules.xml
 
 
rulebase_security.xml
rulebase_security.xml
 
 
shared_log_settings.xml
shared_log_settings.xml
 
 
shared_log_settings_email.xml
shared_log_settings_email.xml
 
 
tag.xml
tag.xml
 
 
zone_protection_profile.xml
zone_protection_profile.xml
 
 

README.md

IronSkillet variations for HomeSKillet configuration

The primary assumption is that home users with a PA-220 or similar device already have their management port configured and operational. The same is true for the admin superuser. Therefore this portion of the configuration is omitted during snippet loading.

Residential usage can be impacted with a full IronSkillet configuration. Therefore items such as decryption cert checks and email alerts not part of the HomeSkillet base configuration.

The following snippets and associated variables have been omitted from the snippet loading:

  • device_system_dns
  • email_scheduler_simple
  • log_settings_profiles_email
  • mgt_config_users
  • shared_log_settings_email

Instead of remove the decryption configuration it is left for reference but disabled using the snippet:

  • hs_rulebase_decryption_disable

This can easily be enabled as required

The following are edits based on observed issues in home configurations.

  • hs_device_setting_allow_httprange: this is enabled to ensure home streaming and other applications are not impacted. This has been observed with Amazon Prime video streaming.