New Install Checklist

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L2 Linker

New Install Checklist

Hello -

Has anyone seen or created, that they'd like to share, just a general checklist of information to collect and steps to do a new install?


Accepted Solutions
Highlighted
Cyber Elite

@MrWonderful,

There really isn't any generic installation checklist, as no installation is ever the same across organizations. The first few questions that are generally asked prior to the install is what they are going to be using from a feature standpoint. Are we enabling decryption, are we doing user-id, will this have GlobalProtect active, what subscriptions are being purchased, any public resources being ran through this firewall, are we going to be looking at enabling Zone Protection or DoS? Essentially, what is the unit going to be doing and making sure that everyone is on the same page. No question here is too stupid to ask; we need to ensure that everyone agrees on what features are going to be used and something isn't being assumed.

Since this is a greenfield install, you'd also want to take a good look at best practices and start of using those right away. You'll rarely be able to follow everything, but you'll at least have a good solid foundation to build on. Start off with a zero trust model and heavily utilize user-id where capable. If this is going to be a GlobalProtect enabled install build appropriate HIP checks and see about deploying certificate authentication or proper MFA where certificates aren't possible. 

It's always harder to go back and add features or start turning things on than if they were enabled from the start. 

View solution in original post


All Replies
Cyber Elite

@MrWonderful,

Are you doing a migration or a totally greenfield install? 

Highlighted
L2 Linker

@BPry 

Sorry, had to to it this way, it gave me an error when trying to reply to your message directly.

 

It would be a new install which then would be brought into a mature Pano environment.  If that makes sense.

 

I guess I'm really looking for a spreadsheet of info to fill out which would be needed ahead of time with the steps in order needed to complete the tasks.

 

Thanks in advance for your time.

Highlighted
Cyber Elite

@MrWonderful,

There really isn't any generic installation checklist, as no installation is ever the same across organizations. The first few questions that are generally asked prior to the install is what they are going to be using from a feature standpoint. Are we enabling decryption, are we doing user-id, will this have GlobalProtect active, what subscriptions are being purchased, any public resources being ran through this firewall, are we going to be looking at enabling Zone Protection or DoS? Essentially, what is the unit going to be doing and making sure that everyone is on the same page. No question here is too stupid to ask; we need to ensure that everyone agrees on what features are going to be used and something isn't being assumed.

Since this is a greenfield install, you'd also want to take a good look at best practices and start of using those right away. You'll rarely be able to follow everything, but you'll at least have a good solid foundation to build on. Start off with a zero trust model and heavily utilize user-id where capable. If this is going to be a GlobalProtect enabled install build appropriate HIP checks and see about deploying certificate authentication or proper MFA where certificates aren't possible. 

It's always harder to go back and add features or start turning things on than if they were enabled from the start. 

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!