IronSkillet is a set of day-one configuration templates for PAN-OS to enable alignment with security best practices. See the Quick Start section below to get started using the template configurations.
MIT License
200
stars
104
forks
source link
Wildfire size limits don't match best practices #95
Defaults from Iron Skillet for WF sizes don't match best practices
Here's an output from a BPA from a firewall that's a fresh config and has had Iron Skillet applied (including the items that are correct):
Archive File Size Limit (Fail): It is recommended to set the file size limit for "archive" to a value of 50
Flash File Size Limit (Pass)
Jar File Size Limit (Pass)
Linux File Size Limit (Fail): It is recommended to set the file size limit for "linux" to a value of 50
MacOSX File Size Limit (Fail): It is recommended to set the file size limit for "MacOSX" to a value of 10
MS Office File Size Limit (Fail): It is recommended to set the file size limit for "ms-office" to a value of 16384
PDF File Size Limit (Fail): It is recommended to set the file size limit for "pdf" to a value of 3072
PE File Size Limit (Fail): It is recommended to set the file size limit for "pe" to a value of 16
Report Grayware Files Enabled (Pass)
Session Information Settings (Pass)
Defaults from Iron Skillet for WF sizes don't match best practices
Here's an output from a BPA from a firewall that's a fresh config and has had Iron Skillet applied (including the items that are correct):
Archive File Size Limit (Fail): It is recommended to set the file size limit for "archive" to a value of 50 Flash File Size Limit (Pass) Jar File Size Limit (Pass) Linux File Size Limit (Fail): It is recommended to set the file size limit for "linux" to a value of 50 MacOSX File Size Limit (Fail): It is recommended to set the file size limit for "MacOSX" to a value of 10 MS Office File Size Limit (Fail): It is recommended to set the file size limit for "ms-office" to a value of 16384 PDF File Size Limit (Fail): It is recommended to set the file size limit for "pdf" to a value of 3072 PE File Size Limit (Fail): It is recommended to set the file size limit for "pe" to a value of 16 Report Grayware Files Enabled (Pass) Session Information Settings (Pass)