We have added PAN-OS feature Rule Hit Count in to the BPA for firewalls running PAN-OS 9.0 and later. Now in the BPA results, we can filter those rules for adoption and best practices that are only passing traffic.
This greatly helps in focusing to increase adoption and best practices on the rules that are used. We want to apply different security capabilities on rules that are actively passing traffic, and (if possible) delete rules that are not being used to tighten the security rulebase.
Read "Rule Hit Count in Best Practice Assessment (BPA) Report" to learn more about this feature and how to use it.
We have added the zone names in the Zone Protection Profile cards to indicate which zones are being impacted with a specific Zone Protection Profile (ZPP). This helps to identify which ZPPs are effectively configured and passing best practice checks. It also helps identify the zones it is protecting right in the same place.
We have added newer fields for DoS Protection rules, such as Rule Enabled, Action, Destination Address, Location, and Rule Name.
Some field values, such as "any," were corrected while masking the values.
Corrected the color from white to red for the best practices that were at 0% pass percentage.
Updated the different action field values to ensure the check considers all the options and works consistently to pass the BPA check.
