05-23-2022 04:18 PM - edited 06-10-2022 01:43 PM
Configuration Wizard
Additional Best Practice Checks Support
(Version 1.4.0)
This document provides detail on additional BPA checks that were recently added into Configuration Wizard.
Before we get into details we would like to provide a quick overview of Configuration Wizard. It’s a step-by-step configuration wizard that provides an intuitive, easy-to-use interface to configure firewalls to align with best practices. The Configuration Wizard takes the results of the BPA report and expedites the remediation process by outputting commands that can be easily pasted into any instance of PAN-OS and committed. This helps to configure their firewalls using existing applications and capabilities to properly secure their network.
Benefits of Configuration Wizard include:
Best Practice Checks that can be remediate with Configuration Wizard
|
Category |
BPA Checks |
|
Device |
PE File Size Limit PDF File Size Limit MacOSX File Size Limit APK File Size Limit Archive File Size Limit Flash File Size Limit Jar File Size Limit Linux File Size Limit MS Office File Size Limit |
PE File Size Limit
The file size for PE files should be set so all PE files that pass through the firewall are sent to WildFire for inspection. Each firewall model has a different disk buffer size for forwarding to sandbox, increasing the maximum PE file size limit may affect forwarding capacity in terms of the number of files the firewall can forward.
It is possible that not all files would be forwarded to WildFire if multiple bug zero-day files are processed at the same time. You can tune the maximum size setting and observe whether there’s enough buffer space to handle a higher limit. The Best practice assessment check ensures the file size limit for PE files is set to 16MB.
PDF File Size Limit
The maximum file size for PDF files should be set so all PDF files that pass through the firewall are sent to WildFire for inspection. Each firewall model has a different disk buffer size for forwarding to sandbox, increasing the maximum PE file size limit may affect forwarding capacity in terms of the number of files the firewall can forward.
It is possible that not all files would be forwarded to WildFire if multiple bug zero-day files are processed at the same time. You can tune the maximum size setting and observe whether there’s enough buffer space to handle a higher limit. The Best practice assessment check ensures the PDF file size is set at 3,072KB.
MacOSX File Size Limit
Set the file size for "MacOSX" files to 10 MB so all MacOSX files that pass through the firewall are sent to WildFire for inspection. Because each firewall model has a different disk buffer size for forwarding to sandbox, increasing the maximum MacOSX file size limit may affect forwarding capacity in terms of the number of files the firewall can forward, so it's possible that not all files would be forwarded to WildFire if multiple big zero-day files are processed at same time.
You can tune the maximum size setting and observe whether there's enough buffer space to handle a higher limit.
APK File Size Limit
Set the file size for APK files to 10 MB so all APK files that pass through the firewall are sent to WildFire for inspection. Because each firewall model has a different disk buffer size for forwarding to sandbox, increasing the maximum APK file size limit may affect forwarding capacity in terms of the number of files the firewall can forward, so it's possible that not all files would be forwarded to WildFire if multiple big zero-day files are processed at same time. You can tune the maximum size setting and observe whether there's enough buffer space to handle a higher limit.
Archive File Size Limit
Set the maximum file size for archive files to 50 MB so all archive files that pass through the firewall are sent to WildFire for inspection. Because each firewall model has a different disk buffer size, increasing the maximum archive file size limit may affect forwarding capacity in terms of the number of files the firewall can forward, so it's possible that not all files would be forwarded to WildFire if multiple big zero-day files are processed at same time. You can tune the maximum size setting and observe whether there's enough buffer space to handle a higher limit.
Flash File Size Limit
Set the file size for "flash" files to 5 MB so all flash files that pass through the firewall are sent to WildFire for inspection. Because each firewall model has a different disk buffer size for forwarding to sandbox, increasing the maximum flash file size limit may affect forwarding capacity in terms of the number of files the firewall can forward, so it's possible that not all files would be forwarded to WildFire if multiple big zero-day files are processed at same time. You can tune the maximum size setting and observe whether there's enough buffer space to handle a higher limit.
Jar File Size Limit
Set the file size for "jar" files to 5 MB so all jar files that pass through the firewall are sent to WildFire for inspection. Because each firewall model has a different disk buffer size for forwarding to sandbox, increasing the maximum jar file size limit may affect forwarding capacity in terms of the number of files the firewall can forward, so it's possible that not all files would be forwarded to WildFire if multiple big zero-day files are processed at same time. You can tune the maximum size setting and observe whether there's enough buffer space to handle a higher limit.
Linux File Size Limit
Set the maximum file size for Linux files to 50 MB so all Linux files that pass through the firewall are sent to WildFire for inspection. Because each firewall model has a different disk buffer size, increasing the maximum Linux file size limit may affect forwarding capacity in terms of the number of files the firewall can forward, so it's possible that not all files would be forwarded to WildFire if multiple big zero-day files are processed at same time. You can tune the maximum size setting and observe whether there's enough buffer space to handle a higher limit.
MS Office File Size Limit
Set the file size for "ms-office" files to 16,384KB so all ms-office files that pass through the firewall are sent to WildFire for inspection. Because each firewall model has a different disk buffer size for forwarding to sandbox, increasing the maximum ms-office file size limit may affect forwarding capacity in terms of the number of files the firewall can forward, so it's possible that not all files would be forwarded to WildFire if multiple big zero-day files are processed at same time. You can tune the maximum size setting and observe whether there's enough buffer space to handle a higher limit.
Feedback? contact us at bpaplus@paloaltonetworks.com
