Palo Alto Networks provides several tools to simplify NGFW configuration and ensure best practices are
followed:
A . Telemetry to ensure that Palo Alto Networks has full visibility into the firewall configuration: While
telemetry is crucial for monitoring and threat intelligence, it doesn't directly facilitate configuration in a
simplified or best-practice manner. Telemetry provides data about the configuration and its performance,
but it doesn't guide the configuration process itself.
B . Day 1 Configuration through the customer support portal (CSP): The CSP offers resources and
documentation, but it doesn't provide a specific "Day 1 Configuration" tool that automates or simplifies
initial setup in a guided way. The initial configuration is typically done through the firewall's web
interface or CLI.
C . Policy Optimizer to help identify and recommend Layer 7 policy changes: This is a key tool for
simplifying and optimizing security policies. Policy Optimizer analyzes traffic logs and provides
recommendations for refining Layer 7 policies based on application usage. This helps reduce policy
complexity and improve security posture by ensuring policies are as specific as possible.
D . Expedition to enable the creation of custom threat signatures: Expedition is a migration tool that can
also be used to create custom App-IDs and threat signatures. While primarily for migrations, its ability to
create custom signatures helps tailor the firewall's protection to specific environments and applications,
which is a form of configuration optimization.
E . Best Practice Assessment (BPA) in Strata Cloud Manager (SCM): The BPA is a powerful tool that
analyzes firewall configurations against Palo Alto Networks best practices. It provides detailed reports
with recommendations for improving security, performance, and compliance. This is a direct way to
ensure configurations adhere to best practices.
Reference:
Palo Alto Networks documentation highlights these tools:
Policy Optimizer documentation: Search for "Policy Optimizer" on the Palo Alto Networks support
portal. This documentation explains how the tool analyzes traffic and provides policy recommendations.
Expedition documentation: Search for "Expedition" on the Palo Alto Networks support portal. This
documentation describes its migration and custom signature creation capabilities.
Strata Cloud Manager documentation: Search for "Strata Cloud Manager" or "Best Practice Assessment"
within the SCM documentation on the support portal. This will provide details on how the BPA works
and the types of recommendations it provides.
These
