This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Best Practice Assessment Device

Here you will find content that will no longer be featured across LIVEcommunity. Although the content will soon be retired, it may still be relevant for your needs. For the most accurate and updated information on BPA, please visit the AIOps for NGFW articles.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
About Best Practice Assessment Device

Here you will find content that will no longer be featured across LIVEcommunity. Although the content will soon be retired, it may still be relevant for your needs. For the most accurate and updated information on BPA, please visit the AIOps for NGFW articles.

User ID - Connection Security

User ID - Connection Security
View full article
No ratings
‎07-13-2020 09:03 AM

User ID - Group Mapping Included Groups

When configuring 'Group mappings' we have to make sure 'Group Include list' is populated with the required groups only in the 'Include groups' so that the firewall will fetch the user group mapping for just those groups and not the whole tree from the ldap directory.
View full article
No ratings
‎07-13-2020 09:01 AM

User ID - Included Networks

When configuring 'Group mappings' we have to make sure 'Group Include list' is populated with the required groups only in the 'Include groups' so that the firewall will fetch the user group mapping for just those groups and not the whole tree from the ldap directory.
View full article
No ratings
‎07-13-2020 08:58 AM

User ID Notes - Custom Groups

User ID Notes - Custom Groups
View full article
No ratings
‎07-13-2020 08:56 AM

User ID - Server Monitoring Protocol

User ID - Server Monitoring Protocol
View full article
No ratings
‎07-13-2020 08:53 AM

User ID - Server Monitoring

Firewall acts as User ID agent and tries to communicate with the server(s) to fetch the mapping. The reason we should have at least two servers is even if one server goes down, we can still be able to reach the other server to learn user-to-ipaddress mapping.
View full article
No ratings
‎07-13-2020 08:51 AM

User ID Probing

Do not enable client probing on high-security networks. Client probing can generate a large amount of network traffic and can pose a security threat when misconfigured.
View full article
No ratings
‎07-13-2020 08:49 AM

User ID Timeout - Checking Value

User ID timeout ensures the firewall has most current user to IP address mapping information. Once the timeout is reached, the mappings are cleared from firewall cache and user has to authenticate again to have the mappings learnt. 
View full article
No ratings
‎07-13-2020 08:45 AM

User ID Timeout

User ID timeout ensures the firewall has most current user to IP address mapping information. Once the timeout is reached, the mappings are cleared from firewall cache and user has to authenticate again to have the mappings learnt.
View full article
0% helpful (0/1)
‎07-13-2020 08:43 AM

Dynamic Update - Antivirus Content Update

Antivirus content update frequency should be set to hourly recurrence.
View full article
No ratings
‎07-13-2020 08:02 AM

Dynamic Update - Apps Threats Content Update

Security first customer: Should do hourly recurrence for download and install action and set threshold to less than 6 hours. Availability first customer: Should do daily recurrence for download and install action and set threshold in the range 24-48.
View full article
No ratings
‎07-13-2020 07:57 AM

Dynamic Updates - Wildfire

Wildfire content update has the latest threat intelligence from cloud sandboxing sent to all the firewalls that have the wildfire subscriptions.
View full article
100% helpful (1/1)
‎07-13-2020 07:55 AM

LDAP Profile Require SSL TLS Secured Connection

Firewall would use more secure SSL/TLS protocol for communicating with the Ldap server and fetching the user group information.
View full article
No ratings
‎07-13-2020 07:52 AM

LDAP Profile Verify Server Certificate for SSL

This option is selected if the firewall wants to verify the directory server before SSL/TLS communication is started.
View full article
No ratings
‎07-13-2020 07:50 AM

LDAP Server Redundancy

In LDAP server profile configuration we have to make sure there is two or more Ldap servers are configured in Ldap server list so that there is always redundancy to connect to Ldap for its services.
View full article
No ratings
‎07-13-2020 07:47 AM

GP Gateway License

GP Gateway License
View full article
No ratings
‎07-13-2020 07:45 AM

PAN-DB URL License

PAN-DB URL License
View full article
No ratings
‎07-13-2020 07:41 AM

Threat Prevention License

Telemetry when enabled the firewall will collect and forward the information to Palo Alto Networks.
View full article
No ratings
‎07-13-2020 07:38 AM

Wildfire License

Wildfire License
View full article
No ratings
‎07-13-2020 07:36 AM

Severity Medium

System logs of a firewall or Panorama are very important in learning about the system health, feature functioning, performance and more.
View full article
No ratings
‎07-13-2020 07:32 AM

Severity Informational

System logs of a firewall or Panorama are very important in learning about the system health, feature functioning, performance and more.
View full article
No ratings
‎07-13-2020 07:31 AM

Severity High

System logs of a firewall or Panorama are very important in learning about the system health, feature functioning, performance and more.
View full article
No ratings
‎07-13-2020 07:23 AM

Severity Critical

System logs of a firewall or Panorama are very important in learning about the system health, feature functioning, performance and more.
View full article
No ratings
‎07-13-2020 07:22 AM

Management Interface Settings - Network Connectivity Services

HTTP and Telnet protocols are not secure for Management interface access and hence needs to be disabled to honor any such connections to the management of the device.
View full article
No ratings
‎07-08-2020 05:21 AM

Policy Rulebase - Rule Hit Count

Policy Rulebase - Policy Hit Count
View full article
No ratings
‎07-08-2020 05:12 AM

TACACS Authentication

Authentication Settings under Firewall Management is available for authenticating administrators who have external accounts that are not defined in the firewall.
View full article
No ratings
‎07-07-2020 05:31 PM

SNMP - Trap Server Profile Community

Make sure the Community names are not set with the default ones so that we can maintain unique community strings and have no conflicts in the network with multiple SNMP services being used.
View full article
No ratings
‎07-07-2020 05:24 PM

SNMP - Trap Server Profile Version

If using SNMP then use version 3 compared to version 2 as it has authentication and other benefits to keep the network connections secure.
View full article
No ratings
‎07-07-2020 05:21 PM

Support License

Support License
View full article
No ratings
‎07-07-2020 05:19 PM

Authentication Settings - API Key Lifetime

Authentication Settings - API Key Lifetime
View full article
No ratings
‎07-07-2020 01:11 PM
  • 94 Posts
  • 216 Subscriptions
Customer Advisories

Your security posture is important to us. If you’re a Palo Alto Networks customer, be sure to login to see the latest critical announcements and updates in our Customer Advisories area.

Check for updates

Learn how to subscribe to and receive email notifications here.

Listen to PANCast
Listen to PANCast

PANCast is a Palo Alto Networks podcast that provides actionable insights to customers, helping you maximize your investment while improving your cybersecurity posture.

Listen to PANCast now
Labels
Top Contributors
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks