- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-19-2022 07:11 AM - edited 06-10-2022 01:48 PM
Configuration Wizard
Frequently Asked Questions
(Version 1.0.0)
Q. What is Configuration Wizard?
A. The Palo Alto NetworksⓇ Configuration Wizard is a step-by-step configuration wizard that provides an intuitive, easy-to-use interface to configure firewalls to align with best practices. The Configuration Wizard takes the results of the BPA and expedites the remediation process by outputting commands that can be easily pasted into any instance of PAN-OS and committed. Thus provides a clear call to action on how to remediate failed BPA checks and improve security posture.
Q. What is the difference between BPA and Configuration Wizard?
A. The BPA enables you to obtain context into your security posture from a configuration perspective by generating high level graphics, heatmaps and reports that compare how your configuration aligns with best practices across your industry. Additionally, more granular metrics are shown along with recommendations on how to take action in order to improve configuration security posture across all devices. Whereas, the Configuration Wizard takes the results of the BPA and expedites the remediation process by outputting commands that can be easily pasted into any instance of PAN-OS and committed. Thus provides a clear call to action on how to remediate failed BPA checks and improve security posture.
Q. Why is it important to run a Configuration Wizard?
A. As organizational complexity continues to increase, the attack surface that security teams must address expands parallely. As new technologies are adopted, security teams are posed with the challenge of manually managing controls across all devices while maintaining resource efficiency. Customers struggle to configure their firewalls using existing applications and capabilities to properly secure their network which means a misconfigured firewall offers comparable protection to no firewall at all. Ninety nine percent (99%) of firewall breaches through 2023 will be due to firewall misconfigurations, not firewall flaws, according to Gartner research.
Q. Why do you need to run a Configuration Wizard?
A. Our goal is to provide you with a customized recommendation to remediate failed BPA checks to improve overall security posture. Thus providing a step-by-step guided configuration wizard that would provide an intuitive, easy-to-use interface to configure your Palo Alto NetworksⓇ Next Generation Firewall that aligns with best practices. This involves tech support file (TSF) upload, completing the numbered steps and then executing the commands generated by the Configuration Wizard on to your Firewall.
Q. How do I access the Configuration Wizard?
A. There are two different ways to access the Configuration Wizard.
Customer Support Portal login to your account and click tools, then Best Practice Assessment to generate an assessment of your current configuration. Upload a tech support file to check for failed BPA checks. After the file is analyzed, the BPA report will be generated with the results. Once you open your report, please click “Try Configuration Wizard” tab to launch Configuration Wizard.
You can also access Configuration Wizard from the Get Help location of the Customer Support Portal. Click the Get Help button and when entering the problem description, the system will determine you may be having a configuration issue based on your problem category choice. A “Launch Configuration Wizard” button will appear in the recommended solutions.
Q. How long does it take to run a Configuration Wizard?
A. Report generation should take less than a minute in general and a couple minutes for larger TSF files. The upload process of the tech support file can take slightly longer on slower connections.
Q. What BPA checks are available in Configuration Wizard for remediation?
A. The following 10 BPA checks are available for Configuration Wizard wizard configuration remediation. The Configuration Wizard will walk you through the steps to remediate the failures. At the end, a list of commands generated that allows you to enter on the Firewalls Command Line Interface (CLI) to remediate the failures.
Q. Is the tech support file saved on the server after it is uploaded?
A. No, the tech support file is deleted immediately after the BPA is generated.
Q. Who can access Configuration Wizard?
A. Any user who has access to the Customer Support Portal account and is able to access BPA tool or the Get Help will be able to use Configuration Wizard.
Q. What products are supported by Configuration Wizard?
A. Currently Configuration Wizard supports Palo Alto NetworksⓇ Next Generation Firewall, and Panorama™ products.
Q. What are the three user benefits of Configuration Wizard?
A. The top three benefits to using Configuration Wizard are:
Q. Does Palo Alto Networks share the data with anyone?
A. No, we do not share any of the data outside Palo Alto Networks and we treat it as confidential.
Q. Who do I contact if I need assistance with the Configuration Wizard?
A. You can send questions or inquiries for the BPA+ to the Palo Alto Networks BPA team at bpaplus@paloaltonetworks.com if you need assistance.