08-06-2020 10:16 AM
Hello -
Has anyone seen or created, that they'd like to share, just a general checklist of information to collect and steps to do a new install?
08-07-2020 07:04 PM
There really isn't any generic installation checklist, as no installation is ever the same across organizations. The first few questions that are generally asked prior to the install is what they are going to be using from a feature standpoint. Are we enabling decryption, are we doing user-id, will this have GlobalProtect active, what subscriptions are being purchased, any public resources being ran through this firewall, are we going to be looking at enabling Zone Protection or DoS? Essentially, what is the unit going to be doing and making sure that everyone is on the same page. No question here is too stupid to ask; we need to ensure that everyone agrees on what features are going to be used and something isn't being assumed.
Since this is a greenfield install, you'd also want to take a good look at best practices and start of using those right away. You'll rarely be able to follow everything, but you'll at least have a good solid foundation to build on. Start off with a zero trust model and heavily utilize user-id where capable. If this is going to be a GlobalProtect enabled install build appropriate HIP checks and see about deploying certificate authentication or proper MFA where certificates aren't possible.
It's always harder to go back and add features or start turning things on than if they were enabled from the start.
08-07-2020 06:29 AM
Are you doing a migration or a totally greenfield install?
08-07-2020 10:58 AM
Sorry, had to to it this way, it gave me an error when trying to reply to your message directly.
It would be a new install which then would be brought into a mature Pano environment. If that makes sense.
I guess I'm really looking for a spreadsheet of info to fill out which would be needed ahead of time with the steps in order needed to complete the tasks.
Thanks in advance for your time.
08-07-2020 07:04 PM
There really isn't any generic installation checklist, as no installation is ever the same across organizations. The first few questions that are generally asked prior to the install is what they are going to be using from a feature standpoint. Are we enabling decryption, are we doing user-id, will this have GlobalProtect active, what subscriptions are being purchased, any public resources being ran through this firewall, are we going to be looking at enabling Zone Protection or DoS? Essentially, what is the unit going to be doing and making sure that everyone is on the same page. No question here is too stupid to ask; we need to ensure that everyone agrees on what features are going to be used and something isn't being assumed.
Since this is a greenfield install, you'd also want to take a good look at best practices and start of using those right away. You'll rarely be able to follow everything, but you'll at least have a good solid foundation to build on. Start off with a zero trust model and heavily utilize user-id where capable. If this is going to be a GlobalProtect enabled install build appropriate HIP checks and see about deploying certificate authentication or proper MFA where certificates aren't possible.
It's always harder to go back and add features or start turning things on than if they were enabled from the start.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
