Best Practice Assessment Release Notes

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

v3.17.0 - Released on 8/13/2019   New Features   Log Forwarding URL Settings Details: When you create Log Forwarding profiles, forward URL logs to Panorama or another logging system, such as a syslog, SNMP, email, or HTTP server, so you can ensure URL activity logs are retained for a certain duration for compliance reasons, identifying URL activity that was not expected, and any web traffic pattern of compromised systems.     Log Forwarding Authentication Settings Details: When you create Log Forwarding profiles, forward Authentication logs to Panorama or another external logging space, such as a syslog, SNMP, email, or HTTP server, so you can ensure any resources accessed through authentication is recorded and saved for compliance, identifying and correcting authentication policies if extra resources are provided than needed and if any future incident handling.     Security Policy Inbound Malicious IP Feed Details: Before you allow and block traffic by application, it is advisable to block traffic from IP addresses that Palo Alto Networks and trusted third-party sources have proven to be malicious. The rule will ensure that your network is always protected against the IP addresses from the Palo Alto Networks malicious IP address feeds and other feeds, which are compiled and dynamically updated based on the latest threat intelligence.     Security Policy Outbound Malicious IP Address Feed Details: Before you allow and block traffic by application, it is advisable to block traffic from IP addresses that Palo Alto Networks and trusted third-party sources have proven to be malicious. The security rule will ensure that your network is always protected against the IP addresses from the Palo Alto Networks malicious IP address feeds and other feeds, which are compiled and dynamically updated based on the latest threat intelligence. Ensure the security rule is logging at session end and log forwarding profile is applied to track activity.     Security Policy Inbound High Risk IP Address Feed Details: Before you allow and block traffic by application, it is advisable to block traffic from IP addresses that Palo Alto Networks and trusted third-party sources have proven to be High risk in nature. The security rule will ensure that your network is always protected against the IP addresses from the Palo Alto Networks malicious IP address feeds and other feeds, which are compiled and dynamically updated based on the latest threat intelligence. Ensure the security rule is logging at session end and log forwarding profile is applied to track activity.     Security Policy Outbound High Risk IP Address Feed Details: Before you allow and block traffic by application, it is advisable to block traffic from IP addresses that Palo Alto Networks and trusted third-party sources have proven to be high risk in nature. The security rule will ensure that your network is always protected against the IP addresses from the Palo Alto Networks malicious IP address feeds and other feeds, which are compiled and dynamically updated based on the latest threat intelligence. Ensure the security rule is logging at session end and log forwarding profile is applied to track activity.     HA Content Versions Details: This check ensures both the pairs in High Availability (HA) setup are the latest content versions. The content versions checked are Apps and Threat, Antivirus, and URL database. Both pairs in HA will work at optimal levels if the content versions are the same between the devices. The firewall will take same action on traffic if the devices have same content version, so the expected behavior is same across.     Enhancements Added Industry Average trending for ZPP, Log forwarding, and Credential Phishing prevention Added "Rules using Profile" and "Rules using Profile Pct" for Log-forwarding profile, Decryption profile, and DoS protection profiles Added logic to resolve Panorama template variables Improved logic for check #222 – Content-Based Critical System Logs Bug Fixes Fixed a display issue in the HTML report for Application Tags Fixed a calculation bug with the "Rules using Profile Pct" values v3.17.1 (Hotfix) - Released on 8/16/2019 Fixed a parsing issue with Decryption Policies and DoS Protection Policies
View full article
‎09-18-2020 11:33 AM
1,198 Views
0 Replies
Read the BPA Release Notes v3.30 and see what's new. Find out if there were any new features or bugs that were addressed in the release notes.
View full article
‎04-06-2020 03:02 PM
590 Views
0 Replies
Review the new BPA Release Notes for v3.27. See how the new features and bug fixes can help you with checking your system for vulnerabilities. 
View full article
‎04-03-2020 03:37 PM
595 Views
0 Replies
Review the improvements and bug fixes for the BPA. See how the fixed BP Mode Summary Graph can help you.
View full article
‎04-03-2020 02:58 PM
626 Views
0 Replies
Read about the new features, updates, and bug fixes in the BPA Release Notes v3.25.
View full article
‎01-28-2020 01:56 PM
718 Views
0 Replies
Review BPA Release Notes v3.24 to learn about the new features, improvements, and current bug fixes that will help improve the BPA tool experience. 
View full article
‎01-06-2020 02:03 PM
761 Views
0 Replies
Review the BPA release notes for V3.23. Learn how we added managed devices count on the Panorama report and a forwarding decryption check. We also explain some of the bugs that were fixed.
View full article
‎01-06-2020 01:48 PM
799 Views
0 Replies
Review BPA Release Notes for V3.21. Learn about the updates to bug fixes such as updated file blocking profile check, updated Intrazone rule check, and an Xpath evaluation error update.
View full article
‎12-26-2019 09:00 AM
875 Views
0 Replies
View the BPA Release Notes for V3.22. Learn about the added new URL category Grayware part of blocked categories and a check for DNS Security License. We also corrected a bug about parsing accurately.
View full article
‎12-17-2019 11:39 AM
840 Views
0 Replies
v3.19.0 - Released on 9/9/2019   In addition to the enhancements and bug fixes included in this release, the team is hard at work on a major update of the HTML report to be more consistent with the company’s product style guide. Stay tuned for more!   Enhancements Updated check #207 – Credential Theft feature now ensures that business credentials compromising URL categories are set to “Block”   Update logic for WildFire file size checks on PAN-OS < 8.1 to provide a note if the file sizes exceed the recommended value   Added logic to rename "Captive Portal Policy" to "Authentication Policy" if PAN-OS 8.0+   Bug Fixes Updated formula for Zone Protection Profile Adoption calculation to use all enabled rules Fixed a bug with the Rules using Profile % calculations v3.19.1 (Hotfix) - Released on 9/13/2019 Fixed a display issue where Interface Mgmt Network Profiles were missing from the HTML report v3.19.2 (Hotfix) - Released on 9/19/2019 Fixed a bug related to parsing template variables
View full article
‎09-19-2019 10:57 AM
1,119 Views
0 Replies
v3.18.0 - Released on 8/26/2019 At face value, this release squashes several bugs from our backlog. Behind the scenes, however, we are refactoring the codebase to support a larger re-write of the HTML report. More to follow in future releases!   Bug Fixes Fixed GRE Tunnel Keep Alive default values Fixed location of BPA check #71 – GP Portal Agent Config – App Configurations: Enforce GlobalProtect Connection for Network Access in the HTML report
View full article
‎09-03-2019 10:33 AM
1,109 Views
0 Replies
Go here to see the release notes from the June 24, 2019 release. 
View full article
‎07-29-2019 09:12 AM
1,252 Views
0 Replies
Observe the BPA Release Notes for v3.15 released on July 16, 2019. This reveals updates, fixed bugs, and enhancements made to the Best Practice Assessment.
View full article
‎07-29-2019 08:19 AM
1,524 Views
0 Replies
CSP maintenance