Includes:
- template releases
- tools updates
- documentation revisions
Template content updates are high level. Details can be found in the template guides.
Released January 22, 2020
- first release based on v9.0
- no release specific additions
Template content updates are high level. Details can be found in the template guides.
Released January 22, 2020
- added grayware and cryptcurrency url categories
- added missing User tag log settings
- inclusion of validation skillets
Released c September, 2019
- minor updates
Released July 30, 2019
- Added password complexity and admin lockout elements
- Dynamic updates for GlobalProtect
- Opt-out default for the Palo Alto Networks EDL associated security rules
- Removed the IPv4 and IPv6 Bogon EDLs and associated security rules
- Updated the IPv4 sinkhole to use FQDN instead of an IP address
- Clean up for the baseline configuration to remove IPSEC, IKE, QoS defaults
- Clean up for URL Black-List and White-List category usage in profiles
Released March 15, 2019
- migrated initial template from 8.1
- inclusion of new features per the 9.0 new features documentation
Template content updates are high level. Details can be found in the template guides.
Released July 30, 2019
- Added password complexity and admin lockout elements
- Dynamic updates for GlobalProtect
- Opt-out default for the Palo Alto Networks EDL associated security rules
- Removed the IPv4 and IPv6 Bogon EDLs and associated security rules
- Updated the IPv4 sinkhole to use FQDN instead of an IP address
- Clean up for the baseline configuration to remove IPSEC, IKE, QoS defaults
- Clean up for URL Black-List and White-List category usage in profiles
Released March 18, 2019
Template Content
- added max lines for log csv output
Released January 8, 2019
Template Content
- updated virus profiles from 'default' to 'reset-both' so explicit blocking
- added set commands template as text file and Excel spreadsheet
- loadable default configurations include full xml and set commands
- update to the template stack snippet including <config> tree elements
- removed GTP logging elements since not supported on all hardware platforms
Released Oct 3, 2018
Template Content
- added a default security profile group based on the Outbound group
Documentation
- fixed errors in the tools installation instructions
Released August 30, 2018
Template Content
- modified device_system type=dhcp configuration elements to fix dhcp-client commit error
Released: August 7, 2018
Template Content
Device settings updates to increase security hardening
- Prevent TCP and UDP buffer overflow and multi-part HTTP download evasions
- Enable high DP load logging
- Prevent App-ID buffer overflow evasion
- set bypass-exceed-queue to 'no'
- Prevent TCP and MPTCP evasions
- Include default login banner
- Correct url-filtering Alert-All profile to include command-and-control
- Set default interzone action to a drop instead of deny
- include firewall management interface options for dhcp-client, standard or cloud models
- include Panorama options for standard or cloud deployments
- using a tag attribute for the template version numbering
Documentation
- moved docs to readthedocs.io
- move to release-specific documentation
Template Archive
- moved to release branch per software release in github
Released: May 10, 2018
- first release on github
- xml snippets and full config
- static pdf documentation
- updated the build_full_config.py with the ability to merge snippets using same xpath
- added build_all.py to create all full configs and spreadsheets
- test_set_commands.py and test_full_config.py to load and test configuration changes
- moved config variables from a python dictionary to a yaml format
- updated existing tools to support the yaml variables file
- added a utility to create the Excel spreadsheet from the set conf file
- removed the creation of default snippets output to loadable configs
- renamed the output from 'my configs' to 'loadable configs' for clarity
- modified variable model to support python 3.5 instead of 3.6 and later
- added the build_full_config utility to create a full template from the config snippets
added the build_my_config utility
- provide simple variable substituions using the my_variable inputs
- store output into the my_config folder with unique naming
- fixed tools issue so will load the panw edl based security rules
Documentation revisions outside of template-tooling updates. These are documented by date, not verison.
- addition of visual guide for panos
- validation skillet section added
- add 9.1 related content links
- Move docs to their own doc branch and merge as a single doc set
- Add in associated template changes and new xml links (mgt user config and password complexity)
- Add a release variance doc to show deltas for new releases
- Addition of requirements and caveats to use IronSkillet
- Pointers to PanHandler and SkilletCLI as new tools to load configurations
- added instructions to remove security profiles for reduced capacity VM-50
- updated with inclusion of max csv lines for log output
- simplified repo main README for non-python users
- added documentation for the SET command spreadsheet
- added next-level directory README files for added context
- general edits for using tools based on tools changes
- added description for Panorama template variations in Panorama template docs
- added instructions for editing the full configuration template variables in the GUI
- added instructions for editing the full configuration template variables using the console
- fixed errors in the tools installation instructions
- moved docs to readthedocs.io
- move to release-specific documentation
- first release on github
- static pdf documentation