Proactively Enforce Security Checks
Focus
Focus
Next-Generation Firewall

Proactively Enforce Security Checks

Table of Contents

Proactively Enforce Security Checks

Use the
Panorama CloudConnector Plugin
to block faulty configurations before they’re committed.
Where Can I Use This?
What Do I Need?
  • NGFW (Cloud Managed)
  • NGFW (PAN-OS or Panorama Managed)
  • VM-Series, funded with Software NGFW Credits
  • AIOps for NGFW Premium license (use the Strata Cloud Manager app)
The
Panorama CloudConnector Plugin
enables you to take proactive measures against suboptimal configurations by blocking commits that do not pass particular best practice checks. When you indicate in
AIOps for NGFW
that you want a check to
Fail Commit
, Panorama automatically blocks commits of any configuration that does not pass that check. Rather than wait to receive an alert about a failed best practice check, use the plugin to keep configuration issues out of your deployment in the first place.
  1. Specify the best practice checks that will block commits on failure.
    1. Log in to
      AIOps for NGFW
      .
    2. Select
      Manage
      Security Posture
      Settings - Panorama Managed
      Security Checks
      .
    3. Find the check that you want to block commits.
    4. Set
      Action on Fail
      to
      Fail Commit
  2. Verify by attempting to commit a configuration that does not pass the check.
    1. Log in to Panorama.
    2. Violate the best practice check that you specified to
      Fail Commit
      .
    3. Select
      Commit
      Commit to Panorama
      Validate Configuration
      .
    You should see a dialog stating that the validation failed because the configuration did not pass the best practice check.
    Setting a check to
    Fail Commit
    causes the check to fail both validation and the actual commit operation.

Recommended For You