Skillet Builder Tools

The Skillet Builder tools repo contains a suite of tools to help create and test skillets.

Import the repo into panHandler as part of the Skillet Builder sandbox. The skillets are part of the Skillet Builder collection.


Generate a Skillet

Used to generate an XML configuration skillet for PAN-OS or Panorama. The generator creates an output of XPath and XML element snippets by analyzing the difference between two XML configuration files.
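The comparison described above can be sketched in a few lines of Python. This is an added example, not the generator's own code: the two configurations are constructed samples, the function names are hypothetical, and it covers only added elements and changed leaf values, not deletions or snippet ordering.

```python
import xml.etree.ElementTree as ET

# Constructed 'before' and 'after' configurations (not exported from a real device).
BASE = (
    "<config><devices><entry name='localhost.localdomain'><vsys><entry name='vsys1'>"
    "<tag><entry name='existing'><color>color1</color></entry></tag>"
    "</entry></vsys></entry></devices></config>"
)
MODIFIED = (
    "<config><devices><entry name='localhost.localdomain'><vsys><entry name='vsys1'>"
    "<tag><entry name='existing'><color>color1</color></entry>"
    "<entry name='blocked'><color>color14</color></entry></tag>"
    "<external-list><entry name='edl-bad'><type><ip>"
    "<url>https://edl.example/list.txt</url></ip></type></entry></external-list>"
    "</entry></vsys></entry></devices></config>"
)

def _step(el):
    """XPath step for an element; named entries are addressed by @name."""
    name = el.get("name")
    return f"{el.tag}[@name='{name}']" if name else el.tag

def _key(el):
    """Identity used to pair siblings: tag + name, plus text for <member> lists."""
    text = (el.text or "").strip()
    return (el.tag, el.get("name"), text if el.tag == "member" else None)

def _snippet(xpath, el):
    return (xpath, ET.tostring(el, encoding="unicode").strip())

def diff_snippets(base, mod, xpath):
    """Return (parent XPath, element) pairs for content in mod that base lacks."""
    found = []
    base_children = {_key(c): c for c in base}
    for child in mod:
        match = base_children.get(_key(child))
        if match is None:  # new element: emit the whole subtree
            found.append(_snippet(xpath, child))
        elif len(child) == 0 and len(match) == 0:
            if (child.text or "").strip() != (match.text or "").strip():
                found.append(_snippet(xpath, child))  # changed leaf value
        else:
            found.extend(diff_snippets(match, child, f"{xpath}/{_step(child)}"))
    return found

def generate(base_xml, mod_xml):
    base, mod = ET.fromstring(base_xml), ET.fromstring(mod_xml)
    return diff_snippets(base, mod, "/" + _step(mod))
```

Each returned pair is the parent XPath plus the element to place under it, which is the shape of a snippet entry in the rendered skillet.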

Generate a Skillet steps:

  • Choose online or offline mode to obtain the ‘before and after’ configurations

  • Enter the YAML file preamble values

  • Copy the rendered output to the skillet .meta-cnc.yaml file

When running the generator choose between offline (From uploaded Configs) and online (From Running NGFW) mode.

Generator Offline Mode

Recommended when generating a skillet from a custom base configuration, typically for add-on configuration skillets. Select a base and modified configuration to compare.

Note

Export the configuration files from the NGFW or Panorama before running the generator.

Generator Online Mode

Uses an ‘out of the box’ empty configuration as the baseline. This is useful to generate skillets for complete configurations used in demonstrations and POCs. Enter the device API credentials to export the running or candidate configuration file.

Note

The skillet attempts to ensure correct snippet ordering. In some cases the snippets must be manually reordered based on load order dependencies.

Skeleton YAML file attributes

After the files are captured, the user is prompted for the skillet preamble information.

  • Skillet ID: unique name for the skillet

  • Skillet Label: short text label used for skillet selection

  • Skillet description: descriptive text outlining the skillet usage

  • Collection Name: contextual name to group skillets

  • Skillet type: type of skillet (e.g. panos, panorama, pan_validation)

Copy the Rendered Output to .meta-cnc.yaml

The output is a complete skillet metadata file. Copy the text and paste it into the .meta-cnc.yaml file for the respective skillet. The .meta-cnc.yaml file can be further edited to add variables and pasted into the Skillet Test Tool for local testing without the need to push to GitHub.

The configuration tutorial skillet shows the output of the skillet generator used in the .meta-cnc.yaml file. The output is the difference between an existing configuration file used as the base and a modified configuration file that includes the tag, external-list, and security policy configuration elements. After generation, the skillet file was edited to include the variable components.


Preview XML Changes

Analyzes the difference between two XML files and outputs the changes in red.

When running the previewer choose between offline (From uploaded Configs) and online (From Running NGFW) mode.

XML Preview Offline Mode

Recommended when previewing a skillet from a custom base configuration. Select a base and modified configuration to compare.

Note

Export the configuration files from the NGFW or Panorama before running the previewer.

XML Preview Online Mode

Uses an ‘out of the box’ empty configuration as the baseline. This is useful to preview skillets to see a broad set of changes. Enter the device API credentials to export the running or candidate configuration file.

View the Changes

After the skillet plays, the on-screen output includes a list of modified XPaths and the full configuration file with the changes highlighted in red text.

Each XPath is an active link that jumps to its respective section of the configuration file.

The red text corresponds to the tag and external-list XPath configuration elements.

The preview is useful for seeing the configuration that surrounds the skillet generator's output, which assists with any manual skillet tuning.


Generate Set CLI Commands

In some cases it is preferred to use set commands instead of XML API configuration. This skillet finds the difference between two configuration files and outputs the associated set commands.

When running the generator choose between offline (From uploaded Configs) and online (From Running NGFW) mode.

Generate Set Commands Offline Mode

Recommended when generating a skillet from a custom base configuration, typically for add-on configuration skillets. Select a base and modified configuration to compare.

Note

Export the configuration files from the NGFW or Panorama before running the generator.

Generate Set Commands Online Mode

Uses an ‘out of the box’ empty configuration as the baseline. This is useful to generate skillets for complete configurations used in demonstrations and POCs. Enter the device API credentials to export the running or candidate configuration file.

View the Rendered Output

A list of output set commands will be displayed on screen.

Note

The skillet attempts to ensure correct set command ordering. In some cases the commands must be manually reordered based on load order dependencies.


Skillet Test Tool

The test tool is used to play skillets without the need to upload to GitHub and update the repo in panHandler. Debug outputs can be used for enhanced skillet testing.

When running the test tool choose between Offline and Online modes. Also select Debug mode if required.

Skillet Test Offline Mode

  • validation skillets: paste in a configuration text file without requiring API access

  • other skillet types: not applicable and may generate errors

Note

Export the configuration files from the NGFW or Panorama before running the test tool.

Skillet Test Online Mode

  • panos/panorama: load skillet snippets using API credentials

  • validation: use API credentials to export the file and run the validation

  • rest: run the skillet with REST credentials and output the results

Debug Mode

If True, provides extended output after the skillet is complete:

  • output response messages after skillet execution: success or failed responses

  • .meta-cnc.yaml text

  • context variable values

  • For validation skillets this shows the capture outputs to assist with skillet testing and tuning.

Skillet Content

This is the skillet to be played. Paste in the complete .meta-cnc.yaml file content including the preamble.

Note

In panHandler this content is cached and will appear each time the Test Tool skillet is used. This allows for minor editing in the tool to quickly test skillets. However, if extensive edits are required, they should be done in the skillet editor to ensure the YAML syntax and alignment are correct.

Test Tool Output

The output varies based on the skillet type and debug mode.

More detailed outputs and use of the test tool are covered in the details for building skillets.


Configuration Explorer Tool

The Configuration Explorer Tool is used to display XML elements and values based on XML parsing syntax.

  • Discover capture outputs in validation skillets

  • Assist with manual exploration of XPath and XML element associations

When running the explorer tool choose between Offline and Online modes. Also select Debug mode if required.

Config Explorer Offline Mode

In offline mode, the user pastes in the XML configuration file without the use of API interactions.

Note

Export the configuration files from the NGFW or Panorama before running the test tool.

Config Explorer Online Mode

Exports the device configuration based on the API values.

XPATH Query

The XPath query to use against the configuration file.

Example XPath queries and syntax details are covered in the Parsing Syntax Basics documentation.

Configuration Explorer Output

The output shows the results of the XPath query as an XML element, value, or list of values, depending on the input query syntax.

Output details include:

  • the XPath queried

  • XML results as an XML element, value, or list of values

  • JSON version of the XML results


Sample Configuration Skillet

This skillet provides a reference configuration skillet used in the tutorial content.

Configuration includes:

  • tag snippet with tag name, description, and color variables

  • external-list snippet with external-list name, description, and URL variables

  • Inbound and Outbound block security policies referencing tag and external-list variables

View the details of the configuration skillet


Sample Validation Skillet

This skillet provides a reference validation skillet used in the tutorial content.

Validation includes:

  • check that NTP servers are configured

  • check that password complexity is enabled with a 12-character minimum password

  • check that all url-filtering profiles block category malware

  • check that all allow security policies include a profile or group
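The four checks listed above, run over a constructed configuration. This is an added example and not the sample skillet's own tests: the element paths follow the PAN-OS configuration layout as an assumption, and the function and result names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed configuration; element paths follow the PAN-OS layout as an assumption.
CONFIG = """<config>
 <mgt-config><password-complexity><enabled>yes</enabled>
  <minimum-length>8</minimum-length></password-complexity></mgt-config>
 <devices><entry name="localhost.localdomain">
  <deviceconfig><system><ntp-servers><primary-ntp-server>
   <ntp-server-address>0.pool.ntp.org</ntp-server-address>
  </primary-ntp-server></ntp-servers></system></deviceconfig>
  <vsys><entry name="vsys1">
   <profiles><url-filtering>
    <entry name="strict"><block><member>malware</member></block></entry>
    <entry name="lab"><alert><member>malware</member></alert></entry>
   </url-filtering></profiles>
   <rulebase><security><rules>
    <entry name="web-out"><action>allow</action>
     <profile-setting><group><member>default</member></group></profile-setting></entry>
    <entry name="legacy-any"><action>allow</action></entry>
    <entry name="deny-all"><action>deny</action></entry>
   </rules></security></rulebase>
  </entry></vsys>
 </entry></devices>
</config>"""

VSYS = "devices/entry/vsys/entry"

def validate(config_xml):
    """Run the four checks; each result is (passed, offending items)."""
    root = ET.fromstring(config_xml)
    ntp = [n for n in root.findall(
               "devices/entry/deviceconfig/system/ntp-servers/*/ntp-server-address")
           if (n.text or "").strip()]
    pc = root.find("mgt-config/password-complexity")
    enabled = pc is not None and pc.findtext("enabled") == "yes"
    min_len = int(pc.findtext("minimum-length", "0")) if pc is not None else 0
    pw_ok = enabled and min_len >= 12
    # Profiles where 'malware' is not in the block list (alert-only counts as a failure).
    no_block = [p.get("name") for p in root.findall(f"{VSYS}/profiles/url-filtering/entry")
                if "malware" not in [m.text for m in p.findall("block/member")]]
    # Allow rules with neither a profile group nor individual profiles attached.
    bare = [r.get("name") for r in root.findall(f"{VSYS}/rulebase/security/rules/entry")
            if r.findtext("action") == "allow"
            and r.find("profile-setting/group/member") is None
            and r.find("profile-setting/profiles/*") is None]
    return {
        "ntp_servers_configured": (bool(ntp), []),
        "password_complexity_min_12": (pw_ok, [] if pw_ok else [f"minimum-length={min_len}"]),
        "url_filtering_blocks_malware": (not no_block, no_block),
        "allow_rules_have_profile_or_group": (not bare, bare),
    }
```

Returning the offending object names alongside each pass/fail result mirrors what a validation report needs: which profile or rule to fix, not only that the check failed.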

View the details of the validation skillet


Skillet YAML File Template

This skillet uses a simple text render to generate a starter .meta-cnc.yaml formatted output.

Skeleton file inputs include:

  • Skillet ID: unique name for the skillet

  • Skillet Label: short text label used for skillet selection

  • Skillet description: descriptive text outlining the skillet usage

  • Collection Name: contextual name to group skillets

  • Skillet type: type of skillet (e.g. panos, panorama, pan_validation)

View the skeleton YAML template