New Install Checklist

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

New Install Checklist

L2 Linker

Hello -

Has anyone seen or created, that they'd like to share, just a general checklist of information to collect and steps to do a new install?

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

@MrWonderful,

There really isn't any generic installation checklist, as no installation is ever the same across organizations. The first few questions that are generally asked prior to the install is what they are going to be using from a feature standpoint. Are we enabling decryption, are we doing user-id, will this have GlobalProtect active, what subscriptions are being purchased, any public resources being ran through this firewall, are we going to be looking at enabling Zone Protection or DoS? Essentially, what is the unit going to be doing and making sure that everyone is on the same page. No question here is too stupid to ask; we need to ensure that everyone agrees on what features are going to be used and something isn't being assumed.

Since this is a greenfield install, you'd also want to take a good look at best practices and start of using those right away. You'll rarely be able to follow everything, but you'll at least have a good solid foundation to build on. Start off with a zero trust model and heavily utilize user-id where capable. If this is going to be a GlobalProtect enabled install build appropriate HIP checks and see about deploying certificate authentication or proper MFA where certificates aren't possible. 

It's always harder to go back and add features or start turning things on than if they were enabled from the start. 

View solution in original post

3 REPLIES 3

Cyber Elite
Cyber Elite

@MrWonderful,

Are you doing a migration or a totally greenfield install? 

L2 Linker

@BPry 

Sorry, had to to it this way, it gave me an error when trying to reply to your message directly.

 

It would be a new install which then would be brought into a mature Pano environment.  If that makes sense.

 

I guess I'm really looking for a spreadsheet of info to fill out which would be needed ahead of time with the steps in order needed to complete the tasks.

 

Thanks in advance for your time.

Cyber Elite
Cyber Elite

@MrWonderful,

There really isn't any generic installation checklist, as no installation is ever the same across organizations. The first few questions that are generally asked prior to the install is what they are going to be using from a feature standpoint. Are we enabling decryption, are we doing user-id, will this have GlobalProtect active, what subscriptions are being purchased, any public resources being ran through this firewall, are we going to be looking at enabling Zone Protection or DoS? Essentially, what is the unit going to be doing and making sure that everyone is on the same page. No question here is too stupid to ask; we need to ensure that everyone agrees on what features are going to be used and something isn't being assumed.

Since this is a greenfield install, you'd also want to take a good look at best practices and start of using those right away. You'll rarely be able to follow everything, but you'll at least have a good solid foundation to build on. Start off with a zero trust model and heavily utilize user-id where capable. If this is going to be a GlobalProtect enabled install build appropriate HIP checks and see about deploying certificate authentication or proper MFA where certificates aren't possible. 

It's always harder to go back and add features or start turning things on than if they were enabled from the start. 

  • 1 accepted solution
  • 3126 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!