Proactively Enforce Security Checks
Use the AIOps plugin for Panorama to block faulty configurations
before they’re committed.
The AIOps plugin enables you to take proactive
measures against suboptimal configurations by blocking commits that
do not pass particular best practice checks. When you indicate in
AIOps for NGFW
that you want a check to Fail Commit
,
Panorama automatically blocks commits of any configuration that
does not pass that check. Rather than wait to receive an alert about
a failed best practice check, use the plugin to keep configuration
issues out of your deployment in the first place.- Ensure that you meet all prerequisites, and install the plugin.
- Specify the best practice checks that will block commits on failure.
- Log in toAIOps for NGFW.
- Select .
- Find the check that you want to block commits.
- SetAction on FailtoFail Commit
- Verify by attempting to commit a configuration that does not pass the check.
- Log in to Panorama.
- Violate the best practice check that you specified toFail Commit.
- Select .
You should see a dialog stating that the validation failed because the configuration did not pass the best practice check.
Setting a check toFail Commitcauses the check to fail both validation and the actual commit operation.
