Best Practice Assessment Device

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

The data transferred through syslog to a syslog server can be made secure and encrypted by passing the data as transport SSL.
View full article
‎07-16-2020 11:26 AM
487 Views
0 Replies
Configuration logs provides insight to what configuration changes were made, which admin made the changes, time of the change and so on.
View full article
‎07-16-2020 11:23 AM
444 Views
0 Replies
System logs of a firewall or Panorama are very important in learning about the system health, feature functioning, performance and more.
View full article
‎07-16-2020 11:18 AM
432 Views
0 Replies
Session cookie timeout should be set to sufficient value so the user experience is good and should not prompt the user to login multiple times for user to IP address mapping.
View full article
‎07-15-2020 04:25 PM
599 Views
0 Replies
On the Passive firewall the data links can be set to be physically up in a disabled state if we select the option 'Auto' this will help in bringing up the links quickly in a failover event and reduce the convergence time.
View full article
‎07-15-2020 04:19 PM
503 Views
0 Replies
After recovering from failover the higher priority firewall will resume to be the active or active-primary unit if this option is enabled.
View full article
‎07-15-2020 04:18 PM
490 Views
0 Replies
Server Log Monitor frequency setting ensures firewall will query Windows server security logs for user mapping information at set frequency Server Log Monitor frequency should be set in such a way that it should neither be frequent nor delayed.
View full article
‎07-13-2020 01:24 PM
597 Views
0 Replies
HA Timer settings define the time for exchanging packets such as Hello and Heartbeat packets, also set the times for the HA pair devices before taking an action such as remaining active as in monitor fail hold up time and so on.
View full article
‎07-13-2020 01:22 PM
544 Views
0 Replies
If HA1 and HA1-backup are configured with data plane ports then Heartbeat backup is needed. If Management port is used as HA1 bkup then Heartbeat backup is not needed.
View full article
‎07-13-2020 12:57 PM
723 Views
0 Replies
Admin roles can provide us great customization in providing access to just what is needed and restrict the rest of the services in accessing a firewall or panorama.
View full article
‎07-13-2020 12:55 PM
488 Views
0 Replies
Password profile helps by setting a fixed period for the password to be active and expires after that period.
View full article
‎07-13-2020 12:28 PM
541 Views
0 Replies
Administrator accounts need to be controlled and provided the right and sufficient access to resources as necessary.
View full article
‎07-13-2020 12:25 PM
466 Views
0 Replies
Authentication Settings under Firewall Management is available for authenticating administrators who have external accounts that are not defined in the firewall.
View full article
‎07-13-2020 12:22 PM
531 Views
0 Replies
The Authentication sequence feature helps in falling back to a secondary, tertiary authenticaion system if the primary authentication method fails.
View full article
‎07-13-2020 12:19 PM
437 Views
0 Replies
Antivirus content update frequency should be set to hourly recurrence.
View full article
‎07-13-2020 12:17 PM
461 Views
0 Replies
GlobalProtect Clientless VPN content update has new and updated application signatures to enable Clientless VPN access to common web applications from the GlobalProtect portal.
View full article
‎07-13-2020 12:16 PM
438 Views
0 Replies
GlobalProtect Data file has vendor-specific information for the HIP feature to be accurate and current so the checks can be made effectively and reduce false positives.
View full article
‎07-13-2020 12:14 PM
430 Views
0 Replies
Security first customer: Should do hourly recurrence for download and install action and set threshold to less than 6 hours.
View full article
‎07-13-2020 12:12 PM
453 Views
0 Replies
If the primary HA1 link fails the backup HA1 link communicates the control information to exchange information such as hearbeat, configuration sync, HA state information etc between the HA pair devices.
View full article
‎07-13-2020 09:55 AM
433 Views
0 Replies
This option when enabled makes sure that the configuration is synchronized between the HA pair devices.
View full article
‎07-13-2020 09:52 AM
425 Views
0 Replies
When enabled it monitors the connection stability between the HA pair devices on HA2 connection.
View full article
‎07-13-2020 09:49 AM
581 Views
0 Replies
Session information will be synchronized with the passive device.
View full article
‎07-13-2020 09:46 AM
433 Views
0 Replies
Link monitoring helps the firewall to failover if a physical link or group of links fail.
View full article
‎07-13-2020 09:43 AM
550 Views
0 Replies
This option when enabled makes sure that the configuration is synchronized between the HA pair devices.
View full article
‎07-13-2020 09:26 AM
496 Views
0 Replies
When Path Monitoring is enabled, ensure Path group(s) are defined with either Vwire path, Vlan Path or Virtual router path.
View full article
‎07-13-2020 09:24 AM
445 Views
0 Replies
Authentication Settings under Firewall Management is available for authenticating administrators who have external accounts that are not defined in the firewall.
View full article
‎07-13-2020 09:19 AM
445 Views
0 Replies
Captive Portal Settings should be enabled if Captive portal services are being used.
View full article
‎07-13-2020 09:17 AM
452 Views
0 Replies
User ID - Connection Security
View full article
‎07-13-2020 09:03 AM
425 Views
0 Replies
When configuring 'Group mappings' we have to make sure 'Group Include list' is populated with the required groups only in the 'Include groups' so that the firewall will fetch the user group mapping for just those groups and not the whole tree from the ldap directory.
View full article
‎07-13-2020 09:01 AM
543 Views
0 Replies
When configuring 'Group mappings' we have to make sure 'Group Include list' is populated with the required groups only in the 'Include groups' so that the firewall will fetch the user group mapping for just those groups and not the whole tree from the ldap directory.
View full article
‎07-13-2020 08:58 AM
398 Views
0 Replies
CSP maintenance
Labels
Top Contributors