https://live.paloaltonetworks.com/t5/next-generation-firewall/palo-alto-waf-risk-assessment/m-p/589669#M3309 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/596147711">@gajji229</a></P> <P>&nbsp;</P> <P>to only add what Jay mentioned it is crucial to enabled <A href="https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/decryption-concepts/ssl-inbound-inspection" target="_self">inbound ssl decryption</A>&nbsp;to allow Firewall have a full visibility into incoming traffic.</P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel</P> Mon, 17 Jun 2024 01:06:01 GMT PavelK 2024-06-17T01:06:01Z https://live.paloaltonetworks.com/t5/next-generation-firewall/palo-alto-waf-risk-assessment/m-p/589542#M3303 I got request to do PA WAF risk assessment for my environment, do you have any suggestions how should i do Any documents/steps/url that i can follow to do the same. Thu, 13 Jun 2024 17:34:07 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/palo-alto-waf-risk-assessment/m-p/589542#M3303 gajji229 2024-06-13T17:34:07Z https://live.paloaltonetworks.com/t5/next-generation-firewall/palo-alto-waf-risk-assessment/m-p/589624#M3305 <P>Hi <SPAN><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/596147711">@gajji229</a></SPAN> ,</P> <P>&nbsp;</P> <P>Hope you're doing well!</P> <P>&nbsp;</P> <P>If you have a public-facing web application that handles sensitive data, it's a good idea to include a dedicated Web Application Firewall (WAF) in your architecture alongside your Next-Generation Firewall (NGFW). You might want to check out <A href="https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/waas-intro" target="_blank" rel="noopener">Prisma Cloud's Web-Application and API Security (WAAS)</A> offering—it could be a great fit for your organization's needs.</P> <P>&nbsp;</P> <P>When doing your assessment, consider the differences between <A href="https://www.paloaltonetworks.com/cyberpedia/difference-between-wafs-and-ngfws" target="_self">NGFW and WAFs</A>. It's important to determine whether it's acceptable for your organization to operate without a dedicated WAF. Keep in mind that assessing just the NGFW might not cover all the crucial areas a WAF is designed to protect.</P> <P>&nbsp;</P> Fri, 14 Jun 2024 16:16:44 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/palo-alto-waf-risk-assessment/m-p/589624#M3305 JayGolf 2024-06-14T16:16:44Z https://live.paloaltonetworks.com/t5/next-generation-firewall/palo-alto-waf-risk-assessment/m-p/589669#M3309 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/596147711">@gajji229</a></P> <P>&nbsp;</P> <P>to only add what Jay mentioned it is crucial to enabled <A href="https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/decryption-concepts/ssl-inbound-inspection" target="_self">inbound ssl decryption</A>&nbsp;to allow Firewall have a full visibility into incoming traffic.</P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel</P> Mon, 17 Jun 2024 01:06:01 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/palo-alto-waf-risk-assessment/m-p/589669#M3309 PavelK 2024-06-17T01:06:01Z