Automate policy and object tightening


L0 Member

Firewalls need to be able to improve their own status automatically by adjusting rules, policies and objects to be more secure, using usage data. An example: system A talks to system B on a selection of ports, all configured on the firewall. All designed and planned on human logic. After a month, some ports have no traffic between the systems. The firewall should detect this and remove the unused ports from the configuration so that the rule is more secure. The same for source and destination IP addresses. If IPs or ranges show no usage after an extended period, the firewall should tighten access to the used IP addresses. Obviously allow an override where it's needed. Imagine installing a firewall that gets more secure over time by removing unused ports, rules and IPs.


Cyber Elite


I think you just described policy optimizer recommendations almost to a T, just that it's not automated 😀


Personally, I don't think I would ever want my firewall automatically changing policies and removing "unused" App-IDs or rulebase entries. There are plenty of rules and App-IDs that I have across various clients that only get hit during quarterly or even yearly business practices. Policy Optimizer routinely tells me the rules are unused, even though the schedule assigned isn't active and I don't expect it to be hit for months to follow. I wouldn't want to suddenly find my firewall had removed an app that was needed or a security rulebase entry that was needed.
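To make the two posts above concrete, here is an added example (not code from this thread, from Policy Optimizer, or from Palo Alto Networks) of a recommendation-only tightener: it counts, over a lookback window, which configured ports and source IPs of one rule actually saw traffic in constructed log records, reports what could be dropped, honours a "pinned" override set as the original post asks, and declines to recommend anything while a rule's schedule is inactive, which is the seasonal-rule caveat from the reply. The rule, the log format and the field names are all constructed for the example.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample rule: "system A talks to system B" on several ports.
RULE = {
    "name": "sysA-to-sysB",
    "sources": {"10.1.1.10", "10.1.1.11", "10.1.1.12"},
    "ports": {22, 443, 8080, 9000},
    "pinned": {9000},  # override: keep even if unused (e.g. a yearly batch job)
}

# Constructed log records: timestamp, src, dst, dport, matched rule name.
LOGS = """\
2024-03-01T09:00:00 10.1.1.10 10.2.2.20 443 sysA-to-sysB
2024-03-02T09:05:00 10.1.1.11 10.2.2.20 443 sysA-to-sysB
2024-03-10T10:00:00 10.1.1.10 10.2.2.20 22 sysA-to-sysB
2024-01-05T10:00:00 10.1.1.12 10.2.2.20 8080 sysA-to-sysB
"""

def usage(logs, rule_name, window_end, window_days=30):
    """Count hits per source IP and per destination port inside the lookback window."""
    end = datetime.fromisoformat(window_end)
    start = end - timedelta(days=window_days)
    src_hits, port_hits = Counter(), Counter()
    for line in logs.splitlines():
        ts, src, _dst, dport, name = line.split()
        if name != rule_name:
            continue  # hits on other rules carry no signal for this one
        if start <= datetime.fromisoformat(ts) <= end:
            src_hits[src] += 1
            port_hits[int(dport)] += 1
    return src_hits, port_hits

def recommend(rule, logs, window_end, window_days=30, schedule_active=True):
    """Return (tightened rule, dropped values). Recommendation only; nothing is applied."""
    if not schedule_active:
        # A scheduled rule that was never active in the window has not been
        # exercised, so "no hits" is not evidence that it is unused.
        return rule, {"ports": set(), "sources": set()}
    src_hits, port_hits = usage(logs, rule["name"], window_end, window_days)
    drop_ports = {p for p in rule["ports"] if port_hits[p] == 0} - rule["pinned"]
    drop_srcs = {s for s in rule["sources"] if src_hits[s] == 0}
    tightened = dict(rule, ports=rule["ports"] - drop_ports,
                     sources=rule["sources"] - drop_srcs)
    return tightened, {"ports": drop_ports, "sources": drop_srcs}
```

With the sample data and a 30-day window ending 2024-03-15, port 8080 and source 10.1.1.12 are reported as droppable (their only hit is from January), port 9000 survives because it is pinned, and the same call with schedule_active=False recommends nothing.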


L5 Sessionator

Same with Expedition. Run our migration tool on a Linux box, forward it some logs, give it your Palo config, and it will recommend enhancements. See more here.


Or we are coming out with a similar solution for $, AIOps. See more here.
