A firewall security rulebase is a critical component of the overall security architecture. An effective security rulebase should fulfill two requirements:
Support an organization’s business requirements by allowing authorized access to requested resources, whenever needed.
Ensure that only authorized entities are allowed to access critical resources, based on the least privilege principle.
Security rules should always enforce the security policy by matching on the application traversing the firewall rather than only on destination TCP/UDP ports. Palo Alto Networks next-generation firewalls use a database of more than 2000 applications to classify traffic. However, some traffic may not be identified and will then be classified as unknown.
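To make the point concrete, here is an added example (not from the original page and not a Palo Alto Networks tool) that lints a security rulebase for the two problems the paragraph describes: allow rules that match on ports only (application set to any) and allow rules that explicitly permit unidentified traffic. The rule representation is a constructed, simplified dictionary form, not the PAN-OS configuration schema; the App-ID names web-browsing, ssl, unknown-tcp, unknown-udp and unknown-p2p and the service value application-default are real PAN-OS names, while the rule names and service object tcp-8443 are made up for the sample.

```python
"""Lint a simplified firewall rulebase for port-based and unknown-traffic allows.

Added example. Rules are plain dicts with the keys 'name', 'action',
'application' (list of App-ID names, or ['any']) and 'service'
(list of service object names, ['any'] or ['application-default']).
This is a constructed representation for illustration, not the PAN-OS API.
"""
from typing import Dict, List

# App-ID names PAN-OS assigns to traffic it could not classify.
UNKNOWN_APPS = {"unknown-tcp", "unknown-udp", "unknown-p2p"}


def lint_rule(rule: Dict) -> List[str]:
    """Return a list of findings for one rule (empty list means no issue)."""
    findings: List[str] = []
    # Only allow rules widen access; deny/drop rules are not a least-privilege problem.
    if rule.get("action") != "allow":
        return findings

    apps = set(rule.get("application", ["any"]))
    services = list(rule.get("service", ["any"]))

    # Rules that do not match on application at all.
    if apps == {"any"}:
        if services == ["any"]:
            findings.append("allows any application on any port")
        else:
            findings.append("port-based rule: application 'any' with explicit service ports")

    # Rules that explicitly permit traffic the firewall could not identify.
    unknown = apps & UNKNOWN_APPS
    if unknown:
        findings.append("explicitly allows unidentified traffic: " + ", ".join(sorted(unknown)))

    # Application-specific rules should normally be pinned to the application's
    # standard ports so the application cannot be tunnelled over arbitrary ports.
    identified = apps - UNKNOWN_APPS - {"any"}
    if identified and services != ["application-default"]:
        findings.append("application-specific rule not restricted to application-default ports")

    return findings


def lint_rulebase(rules: List[Dict]) -> Dict[str, List[str]]:
    """Map rule name -> findings for every rule that has at least one finding."""
    report: Dict[str, List[str]] = {}
    for rule in rules:
        findings = lint_rule(rule)
        if findings:
            report[rule["name"]] = findings
    return report


# Constructed sample rulebase (rule names and the tcp-8443 service object are made up).
SAMPLE_RULES = [
    {"name": "allow-web", "action": "allow",
     "application": ["web-browsing", "ssl"], "service": ["application-default"]},
    {"name": "legacy-tcp-8443", "action": "allow",
     "application": ["any"], "service": ["tcp-8443"]},
    {"name": "catch-all", "action": "allow",
     "application": ["any"], "service": ["any"]},
    {"name": "allow-unknown", "action": "allow",
     "application": ["unknown-tcp", "unknown-udp"], "service": ["any"]},
    {"name": "deny-all", "action": "deny",
     "application": ["any"], "service": ["any"]},
]


if __name__ == "__main__":
    for name, findings in lint_rulebase(SAMPLE_RULES).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Run against the sample, only allow-web passes: the other allow rules are flagged either for not matching on application or for permitting unknown traffic outright, which is exactly the traffic the rest of this document explains how to handle safely.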
This activity presents sound practices, technical guidelines, and generic processes and procedures that should fit any organization to safely handle the traffic whose underlying application could not be identified by the firewall.