Configuration Wizard Additional Best Practice Checks Support  (Version 1.2.0)

Configuration Wizard

Additional Best Practice Checks Support

This document provides detail on additional BPA checks that were recently added into Configuration Wizard.

Before we get into details we would like to provide a quick overview of Configuration Wizard. It’s a step-by-step configuration wizard that provides an intuitive, easy-to-use interface to configure firewalls to align with best practices. The Configuration Wizard takes the results of the BPA report and expedites the remediation process by outputting commands that can be easily pasted into any instance of PAN-OS and committed.  This helps to configure their firewalls using existing applications and capabilities to properly secure their network.  

Benefits of BPA+ include:

• Improved Security Posture - Ensure expert best practices are being adhered to.
• Quick & Easy - Deploy and implement best practices easily with the configuration wizard. 
• Maximize Return on Investment - Get the most out of NGFW features with best-practice configurations.

Best Practice Checks that can be remediate with Configuration Wizard

WildFire Profile File Types

Configure the firewall to forward files to WildFire for analysis. Through the WildFire Analysis Profile, all files being uploaded or downloaded will be sent to WildFire for analysis. The WildFire Profile File Types best practice check ensures all file types for all applications are sent to WildFire for analysis.

The WildFire Cloud and on-premises private cloud analyzes new files that the firewall hasn’t seen before. It sends all new files for all applications to WildFire for analysis and inspection. WildFire detects unknown threats in all file types and protects you against zero-day threats (new malware) and advanced persistent threats. 

Antivirus Profile Decoder Wildfire Inline ML Action

The WildFire Action setting in Antivirus profiles blocks viruses that WildFire identifies in content signature updates in the Antivirus profile. The WildFire Decoder Actions best practice check ensures the decoders are set to reset-both, drop, reset-client, or reset-server in the WildFire Action column.

If users have a WildFire subscription, their firewalls receive zero-day malware signatures from the WildFire cloud, as fast as under a minute after the threat is discovered. The WildFire Action setting in Antivirus profiles is based on WildFire content signature updates.

Report Grayware Files Enabled

Wildfire submission logs would have a log event when a file sent to the Wildfire cloud for inspection was identified and given a verdict as Grayware file. If not enabled this log is not created and is created only for malware files.

When the Report Grayware Files option is enabled, details such as session information, Behavioral summary, Network Activity, Host Activity and more that are helpful in analytics. As a best practice, we recommend having a check mark on the Report Grayware File box under WildFire general Settings in Device Setup.

Feedback? contact us at bpaplus@paloaltonetworks.com