Proactively Enforce Security Checks

Use the AIOps plugin for Panorama to block faulty configurations before they’re committed.
The AIOps plugin enables you to take proactive measures against suboptimal configurations by blocking commits that do not pass particular best practice checks. When you indicate in
AIOps for NGFW
that you want a check to
Fail Commit
, Panorama automatically blocks commits of any configuration that does not pass that check. Rather than wait to receive an alert about a failed best practice check, use the plugin to keep configuration issues out of your deployment in the first place.
  1. Specify the best practice checks that will block commits on failure.
    1. Log in to
      AIOps for NGFW
      .
    2. Select
      Settings
      Security Checks
      .
    3. Find the check that you want to block commits.
    4. Set
      Action on Fail
      to
      Fail Commit
  2. Verify by attempting to commit a configuration that does not pass the check.
    1. Log in to Panorama.
    2. Violate the best practice check that you specified to
      Fail Commit
      .
    3. Select
      Commit
      Commit to Panorama
      Validate Configuration
      .
    You should see a dialog stating that the validation failed because the configuration did not pass the best practice check.
    Setting a check to
    Fail Commit
    causes the check to fail both validation and the actual commit operation.

Recommended For You