Best Practice Assessment Device

Here you will find content that will no longer be featured across LIVEcommunity. Although the content will soon be retired, it may still be relevant for your needs. For the most accurate and updated information on BPA, please visit the AIOps for NGFW articles.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
About Best Practice Assessment Device

Here you will find content that will no longer be featured across LIVEcommunity. Although the content will soon be retired, it may still be relevant for your needs. For the most accurate and updated information on BPA, please visit the AIOps for NGFW articles.

Authentication Settings - API Key Lifetime
View full article
A failed attempt to login may be made out of human error and can be corrected in couple attempts.
View full article
An idle session to firewall from an administrator machine may allow an unintended user to access and make changes to the firewall that may impact traffic flow.
View full article
Lockout time helps in disconnecting an administrator for certain time period before the next login attempt is made to make sure continuous attempts are not made to login into the system.
View full article
Ensure SSL/TLS service profile is configured under Setup > Management > General settings.
View full article
Hostname of the firewall should be configured uniquely so that they are well recognized while working or managing the devices.
View full article
A ‘login banner’ is text that you can add to the login page so that administrators will see information they must know before they log in.
View full article
A system log is generated when packet processing load on the firewall hits 100% CPU usage.
View full article
Permitted IP addresses when configured ensures only the IP address and subnets defined in this list can access the firewall management interface and deny the rest of the IP addresses accessing the device management.
View full article
Content ID - App ID Inspection Queue
View full article
Logging and Reporting Services - Predefined Reports
View full article
By enabling this option, a commit lock is automatically created as soon as configuration changes are made by an administrator.
View full article
Logging and Reporting Settings - Log Retention Period
View full article
TCP Content Inspection Queue
View full article
FQDN Refresh Time
View full article
NTP server when configured maintains the firewall's clock in synchronous to the NTP server.
View full article
We can enable the firewall to authenticate with an NTP server even before firewall's clock is synchronized with NTP server.
View full article
Update server is the Palo Alto Networks server where the firewall and Panorama fetches the content, software and other updates.
View full article
Accelerated aging helps in aging out idle sessions if the session table reaches a threshold level which is configurable.
View full article
By enabling Rematch Sessions firewall will apply newly created security rules to the existing active sessions.
View full article
To protect your firewall and network from single source denial of service (DoS) attacks that can overwhelm its packet buffer and cause legitimate traffic to drop, you can configure packet buffer protection.
View full article
Session can be idle and open for certain time before it times out.
View full article
TCP Out Of Order
View full article
The file size limit here is set to max file size so that any file size when passed through the firewall that matches the file type should be sent to the wildfire for inspection.
View full article
The file size limit here is set to max file size so that any file size when passed through the firewall that matches the file type should be sent to the wildfire for inspection.
View full article
The file size limit here is set to max file size so that any file size when passed through the firewall that matches the file type should be sent to the wildfire for inspection.
View full article
The file size limit here is set to max file size so that any file size when passed through the firewall that matches the file type should be sent to the wildfire for inspection.
View full article
The file size limit here is set to max file size so that any file size when passed through the firewall that matches the file type should be sent to the wildfire for inspection.
View full article
The file size limit here is set to max file size so that any file size when passed through the firewall that matches the file type should be sent to the wildfire for inspection.
View full article
Wildfire submission logs would have log event when a file sent to the Wildfire cloud for inspection was identified and given verdict as Grayware file.
View full article
  • 94 Posts
  • 216 Subscriptions
Customer Advisories

Your security posture is important to us. If you’re a Palo Alto Networks customer, be sure to login to see the latest critical announcements and updates in our Customer Advisories area.

Learn how to subscribe to and receive email notifications here.

Listen to PANCast

PANCast is a Palo Alto Networks podcast that provides actionable insights to customers, helping you maximize your investment while improving your cybersecurity posture.

Labels
Top Contributors