Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Best Practice Assessment Device

Here you will find content that will no longer be featured across LIVEcommunity. Although the content will soon be retired, it may still be relevant for your needs. For the most accurate and updated information on BPA, please visit the AIOps for NGFW articles.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
About Best Practice Assessment Device

Here you will find content that will no longer be featured across LIVEcommunity. Although the content will soon be retired, it may still be relevant for your needs. For the most accurate and updated information on BPA, please visit the AIOps for NGFW articles.

User ID - Connection Security
View full article
When configuring 'Group mappings' we have to make sure 'Group Include list' is populated with the required groups only in the 'Include groups' so that the firewall will fetch the user group mapping for just those groups and not the whole tree from the ldap directory.
View full article
When configuring 'Group mappings' we have to make sure 'Group Include list' is populated with the required groups only in the 'Include groups' so that the firewall will fetch the user group mapping for just those groups and not the whole tree from the ldap directory.
View full article
User ID Notes - Custom Groups
View full article
User ID - Server Monitoring Protocol
View full article
Firewall acts as User ID agent and tries to communicate with the server(s) to fetch the mapping. The reason we should have at least two servers is even if one server goes down, we can still be able to reach the other server to learn user-to-ipaddress mapping.
View full article
Do not enable client probing on high-security networks. Client probing can generate a large amount of network traffic and can pose a security threat when misconfigured.
View full article
User ID timeout ensures the firewall has most current user to IP address mapping information. Once the timeout is reached, the mappings are cleared from firewall cache and user has to authenticate again to have the mappings learnt. 
View full article
User ID timeout ensures the firewall has most current user to IP address mapping information. Once the timeout is reached, the mappings are cleared from firewall cache and user has to authenticate again to have the mappings learnt.
View full article
Antivirus content update frequency should be set to hourly recurrence.
View full article
Security first customer: Should do hourly recurrence for download and install action and set threshold to less than 6 hours. Availability first customer: Should do daily recurrence for download and install action and set threshold in the range 24-48.
View full article
Wildfire content update has the latest threat intelligence from cloud sandboxing sent to all the firewalls that have the wildfire subscriptions.
View full article
Firewall would use more secure SSL/TLS protocol for communicating with the Ldap server and fetching the user group information.
View full article
This option is selected if the firewall wants to verify the directory server before SSL/TLS communication is started.
View full article
In LDAP server profile configuration we have to make sure there is two or more Ldap servers are configured in Ldap server list so that there is always redundancy to connect to Ldap for its services.
View full article
GP Gateway License
View full article
PAN-DB URL License
View full article
Telemetry when enabled the firewall will collect and forward the information to Palo Alto Networks.
View full article
Wildfire License
View full article
System logs of a firewall or Panorama are very important in learning about the system health, feature functioning, performance and more.
View full article
System logs of a firewall or Panorama are very important in learning about the system health, feature functioning, performance and more.
View full article
System logs of a firewall or Panorama are very important in learning about the system health, feature functioning, performance and more.
View full article
System logs of a firewall or Panorama are very important in learning about the system health, feature functioning, performance and more.
View full article
Content-based Critical System Logs
View full article
HTTP and Telnet protocols are not secure for Management interface access and hence needs to be disabled to honor any such connections to the management of the device.
View full article
Policy Rulebase - Policy Hit Count
View full article
Authentication Settings under Firewall Management is available for authenticating administrators who have external accounts that are not defined in the firewall.
View full article
Make sure the Community names are not set with the default ones so that we can maintain unique community strings and have no conflicts in the network with multiple SNMP services being used.
View full article
If using SNMP then use version 3 compared to version 2 as it has authentication and other benefits to keep the network connections secure.
View full article
Support License
View full article
  • 94 Posts
  • 218 Subscriptions
Customer Advisories

Your security posture is important to us. If you’re a Palo Alto Networks customer, be sure to login to see the latest critical announcements and updates in our Customer Advisories area.

Learn how to subscribe to and receive email notifications here.

Listen to PANCast

PANCast is a Palo Alto Networks podcast that provides actionable insights to customers, helping you maximize your investment while improving your cybersecurity posture.

Labels
Top Contributors