Use the Best Practice Assessment (BPA) tool to check
the network configuration (GlobalProtect, Zones, etc.) to identify
weaknesses to improve.
shows all checks for network-related configuration. On the left
nav, select the network check you want to review to understand the
existing configuration and to identify potential gaps in best practice
configuration related to Zones, GlobalProtect, IPsec Crypto, and
Zone Protection profiles. The following example shows the result
The report shows the current configuration for each item. The
best practice check results for each item appears below its current
configuration. You can specify a
limit the scope of the information displayed.
Each check has pass/fail status and recommendations for failed
best practice checks. Click help for the rationale for each check
and links to best practice documentation. When one or more checks
fail, the item’s title turns red.
When you review the
tab, at a
minimum, review the following items to help understand the potential
scope of remediation:
—Whether each zone
has Packet Buffer Protection enabled and has a Zone Protection profile.
—Whether Flood Protection and Packet-Based
Attack Protection are enabled.