GlobalProtect Data File dynamic update time not specified

PaloAltoNetworks / iron-skillet

IronSkillet is a set of day-one configuration templates for PAN-OS to enable alignment with security best practices. See the Quick Start section below to get started using the template configurations.

MIT License

200 stars 104 forks source link

GlobalProtect Data File dynamic update time not specified #25

Closed ctktfg closed 5 years ago

ctktfg commented 5 years ago

The BPA tool wants a setting specified for the GP Data File dynamic update time. Propose adding the following where appropriate:

            <global-protect-datafile>
              <recurring>
                <hourly>
                  <at>26</at>
                  <action>download-and-install</action>
                </hourly>
              </recurring>
            </global-protect-datafile>

scotchoaf commented 5 years ago

the team had decided to not make this part of the base template and instead part of a globalprotect configuration option.

scotchoaf commented 5 years ago

Will be added using:

NAME: Global Protect / Clientless VPN
PATH: <config urldb="paloaltonetworks" version="VERSION"><devices><entry name="localhost.localdomain"><deviceconfig><system><update-schedule>
XML:
  <global-protect-datafile>
    <recurring>
      <hourly>
        <at>40</at>
        <action>download-and-install</action>
      </hourly>
    </recurring>
  </global-protect-datafile>
  <global-protect-clientless-vpn>
    <recurring>
      <hourly>
        <at>50</at>
        <action>download-and-install</action>
      </hourly>
    </recurring>
  </global-protect-clientless-vpn>

scotchoaf commented 5 years ago

Added for all IronSkillet releases