ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.
We have added PAN-OS feature Rule Hit Count in to the BPA for firewalls running PAN-OS 9.0 and later. Now in the BPA results, we can filter those rules for adoption and best practices that are only passing traffic.
This greatly helps in focusing to increase adoption and best practices on the rules that are used. We want to apply different security capabilities on rules that are actively passing traffic, and (if possible) delete rules that are not being used to tighten the security rulebase.
Read "Rule Hit Count in Best Practice Assessment (BPA) Report" to learn more about this feature and how to use it.
We have added the zone names in the Zone Protection Profile cards to indicate which zones are being impacted with a specific Zone Protection Profile (ZPP). This helps to identify which ZPPs are effectively configured and passing best practice checks. It also helps identify the zones it is protecting right in the same place.
We have added newer fields for DoS Protection rules, such as Rule Enabled, Action, Destination Address, Location, and Rule Name.
Some field values, such as "any," were corrected while masking the values.
Corrected the color from white to red for the best practices that were at 0% pass percentage.
Updated the different action field values to ensure the check considers all the options and works consistently to pass the BPA check.