https://live.paloaltonetworks.com/t5/general-topics/enabling-security-features/m-p/379301#M89558 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/11943">@kiwi</a>&nbsp; Thanks&nbsp;</P><P>&nbsp;</P><P>As i mentioned , we are still having few rules where we are using port based and not APP ID but we are in transition phase;</P><P>&nbsp;</P><P>I know of Best Practices document ;&nbsp; Is it OK that we apply these security profiles in alert mode as mentioned in best Pratices document</P><P>&nbsp;</P><P>and then observe.</P><P>and later on move to more strict actions</P><P>&nbsp;</P><P>Is it OK to apply Security Profiles to the rules which dont have APP ID , will Security profiles work without APP-ID , just asking ?</P> Tue, 12 Jan 2021 13:28:30 GMT FWPalolearner 2021-01-12T13:28:30Z https://live.paloaltonetworks.com/t5/general-topics/enabling-security-features/m-p/379242#M89553 <P>Hi ,</P><P>We have a customer running a cluster of PA 3060 .&nbsp;</P><P>The goal is to enable security features on at least 30-40 percent of the rules initially . like</P><P>URL Filtering&nbsp;</P><P>AntiVirus</P><P>Antispyware</P><P>Wildfire</P><P>Vulnerability Assessment&nbsp;</P><P>&nbsp;</P><P>Are there any Best practices rules which covers or are generic to most ( if not all) organisations ?</P><P>&nbsp;</P><P>SSL Decryption is at later stage . The rules where these features are required to be implemented have mostly APP-ID enabled .</P><P>&nbsp;</P><P>But how to start with piratically . I have read Best Practices guide but it is more theory . Do anyone has a LAB or sample dump of rule base for each of the above Security features</P><P>&nbsp;</P> Tue, 12 Jan 2021 10:03:12 GMT https://live.paloaltonetworks.com/t5/general-topics/enabling-security-features/m-p/379242#M89553 FWPalolearner 2021-01-12T10:03:12Z https://live.paloaltonetworks.com/t5/general-topics/enabling-security-features/m-p/379255#M89554 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/133520">@FWPalolearner</a> ,</P> <P>&nbsp;</P> <P>You might want to check out the Best Practice Assessment page here on LIVE which will provide you with loads of information on best practices: <A href="https://live.paloaltonetworks.com/t5/best-practice-assessment/ct-p/Best_Practice_Assessment" target="_blank" rel="noopener">https://live.paloaltonetworks.com/t5/best-practice-assessment/ct-p/Best_Practice_Assessment</A>&nbsp;</P> <P>&nbsp;</P> <P>A good place to start would be to run the Best Practice Assessment in the Customer Support Portal and then, based on the output report, move forward from there.&nbsp; A detailed video on how to do that can be found on the LIVEcommunity YouTube channel : <A href="https://www.youtube.com/watch?v=WJSGCDdN2Q4" target="_blank" rel="noopener">https://www.youtube.com/watch?v=WJSGCDdN2Q4</A>&nbsp;</P> <P>&nbsp;</P> <P>cheers !</P> <P>-Kiwi.</P> Tue, 12 Jan 2021 10:34:41 GMT https://live.paloaltonetworks.com/t5/general-topics/enabling-security-features/m-p/379255#M89554 kiwi 2021-01-12T10:34:41Z https://live.paloaltonetworks.com/t5/general-topics/enabling-security-features/m-p/379301#M89558 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/11943">@kiwi</a>&nbsp; Thanks&nbsp;</P><P>&nbsp;</P><P>As i mentioned , we are still having few rules where we are using port based and not APP ID but we are in transition phase;</P><P>&nbsp;</P><P>I know of Best Practices document ;&nbsp; Is it OK that we apply these security profiles in alert mode as mentioned in best Pratices document</P><P>&nbsp;</P><P>and then observe.</P><P>and later on move to more strict actions</P><P>&nbsp;</P><P>Is it OK to apply Security Profiles to the rules which dont have APP ID , will Security profiles work without APP-ID , just asking ?</P> Tue, 12 Jan 2021 13:28:30 GMT https://live.paloaltonetworks.com/t5/general-topics/enabling-security-features/m-p/379301#M89558 FWPalolearner 2021-01-12T13:28:30Z