feat(examples): Hardening management access to PAN-OS devices #51

Open
wants to merge 5 commits into
base: main

Contributor

@pavelrn pavelrn commented Nov 28, 2024

Description

  • Updating the PAN-OS version used in the examples
  • Remove public IP from the management interfaces (create_public_ip=false)
  • Update Cloud Firewall policy rules to restrict access to the management interface

Motivation and Context

Closes #50.

How Has This Been Tested?

Sample topology built in a test project.

Screenshots (if appropriate)

n/a

Types of changes

  • New feature (non-breaking change which adds functionality)

Checklist

  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes if appropriate.
  • All new and existing tests passed.

@pavelrn pavelrn added the enhancement New feature or request label Nov 28, 2024
@pavelrn pavelrn self-assigned this Nov 28, 2024
@pavelrn pavelrn requested a review from a team as a code owner November 28, 2024 11:13
@pavelrn pavelrn linked an issue Nov 28, 2024 that may be closed by this pull request
Contributor

@horiagunica horiagunica left a comment

LGTM - one recommended change request from my side.

@@ -171,7 +171,7 @@ routes = {

vmseries_common = {
ssh_keys = "admin:<YOUR_SSH_KEY>"
vmseries_image = "vmseries-flex-byol-1029h1"
vmseries_image = "vmseries-flex-byol-10210h9"
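
Review bot: the changed `vmseries_image` line packs the PAN-OS release into a compact suffix (`10210h9` replacing `1029h1`) that is easy to misread when auditing a hardening change. Add a short comment beside the value giving the dotted version (10.2.10-h9, as stated in this thread), and consider defining the image in one place so every example tracks the same patched release instead of carrying its own literal.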
Contributor

Maybe we can use the same vmseries image across the board? Like the latest recommended 11 image with the CVE hotfix.

Contributor

10.2.10-h9 is currently the preferred image for 10.2.

Contributor

I know - but what I am suggesting is to have the same version across all images - which is 11.X.

Successfully merging this pull request may close these issues.

Remove Public IP Access to Management Interfaces
3 participants