Best Practice Assessment Device

Here you will find content that will no longer be featured across LIVEcommunity. Although the content will soon be retired, it may still be relevant for your needs. For the most accurate and updated information on BPA, please visit the AIOps for NGFW articles.

Content ID - HTTP Partial Response
Content ID - UDP Content Inspection Queue
This option should be checked to send unknown files to WildFire for sandboxing if the file was received on the NGFW as part of encrypted traffic.
Configuration logs provide insight into what configuration changes were made, which admin made the changes, the time of the change and so on.
The data transferred through syslog to a syslog server can be secured and encrypted by using SSL as the transport.
System logs of a firewall or Panorama are very important in learning about the system health, feature functioning, performance and more.
Session cookie timeout should be set to a sufficient value so that the user experience is good and the user is not prompted to log in multiple times for user-to-IP-address mapping.
On the passive firewall, the data links can be set to be physically up in a disabled state by selecting the option 'Auto'. This helps bring up the links quickly in a failover event and reduces the convergence time.
After recovering from failover, the higher-priority firewall will resume as the active or active-primary unit if this option is enabled.
The Server Log Monitor frequency setting ensures the firewall queries Windows server security logs for user mapping information at a set frequency. The frequency should be set so that queries are neither too frequent nor too delayed.
HA Timer settings define the intervals for exchanging packets such as Hello and Heartbeat packets, and also set how long the HA pair devices wait before taking an action, such as remaining active (as in monitor fail hold up time), and so on.
If HA1 and HA1-backup are configured with data plane ports, then Heartbeat backup is needed. If the management port is used as HA1 backup, then Heartbeat backup is not needed.
Admin roles allow extensive customization, providing access to just what is needed and restricting the rest of the services when accessing a firewall or Panorama.
A password profile sets a fixed period for which the password is active; the password expires after that period.
Administrator accounts need to be controlled and provided the right and sufficient access to resources as necessary.
Authentication Settings under Firewall Management is available for authenticating administrators who have external accounts that are not defined in the firewall.
The Authentication sequence feature helps in falling back to a secondary or tertiary authentication system if the primary authentication method fails.
Antivirus content update frequency should be set to hourly recurrence.
GlobalProtect Clientless VPN content update has new and updated application signatures to enable Clientless VPN access to common web applications from the GlobalProtect portal.
GlobalProtect Data file has vendor-specific information for the HIP feature to be accurate and current so the checks can be made effectively and reduce false positives.
Security-first customers should use hourly recurrence for the download and install action and set the threshold to less than 6 hours.
If the primary HA1 link fails, the backup HA1 link carries the control information, such as heartbeat, configuration sync and HA state information, between the HA pair devices.
This option when enabled makes sure that the configuration is synchronized between the HA pair devices.
When enabled, it monitors the connection stability between the HA pair devices on the HA2 connection.
Session information will be synchronized with the passive device.
Link monitoring helps the firewall fail over if a physical link or group of links fails.
This option when enabled makes sure that the configuration is synchronized between the HA pair devices.
When Path Monitoring is enabled, ensure path group(s) are defined with either a Vwire path, VLAN path or virtual router path.
Authentication Settings under Firewall Management is available for authenticating administrators who have external accounts that are not defined in the firewall.
Captive Portal Settings should be enabled if Captive Portal services are being used.