Configuration Wizard Additional Best Practice Check Support  (Version 1.3.0)

Configuration Wizard

Additional Best Practice Check Support 

(Version 1.3.0)

This document provides detail on an additional BPA check that was recently added into Configuration Wizard.

Before we get into details we would like to provide a quick overview of Configuration Wizard. It’s a step-by-step configuration wizard that provides an intuitive, easy-to-use interface to configure firewalls to align with best practices. The Configuration Wizard takes the results of the BPA report and expedites the remediation process by outputting commands that can be easily pasted into any instance of PAN-OS and committed.  This helps to configure their firewalls using existing applications and capabilities to properly secure their network.  

Benefits of BPA+ include:

• Improved Security Posture - Ensure expert best practices are being adhered to.
• Quick & Easy - Deploy and implement best practices easily with the configuration wizard. 
• Maximize Return on Investment - Get the most out of NGFW features with best-practice configurations.

Best Practice Check available in Version 1.3.0

Script File Size Limit

The file size for script files should be set so all script files that pass through the firewall are sent to WildFire for inspection. The best practice assessment check ensures the file size limit for script files is set to 20KB.

As each firewall model has a different disk buffer size for forwarding to sandbox, increasing the maximum script file size limit may affect forwarding capacity in terms of the number of files the firewall can forward. So it’s possible that not all files would be forwarded to WildFire if multiple big zero-day files are processed at same time. You can tune the maximum size setting and observe whether there’s enough buffer space to handle a higher limit.

Feedback? contact us at bpaplus@paloaltonetworks.com