One of the cheapest and easiest ways for an attacker to gain access to your network is through users accessing the internet. By successfully exploiting an endpoint, an attacker can take hold in your network and begin to move laterally towards the end goal, whether that is to steal your source code, exfiltrate your customer data, or take down your infrastructure. To protect your network from cyberattack and improve your overall security posture, implement a best practice internet gateway security policy. Use the guidelines in this site to plan, deploy, and maintain your internet gateway best practice security policy. 

What Do You Want To Do? 

Featured Topics

New Features Simplify Decryption


Updated with recommendations for using the new decryption features introduced in PAN-OS 10.0, including TLS 1.3 support and enhancements for simplifying troubleshooting of decryption issues.

Book Image

Best Practice for Internet Gateway Security Policy

Block QUIC Traffic


Our recommended block rules have been updated with recommendations for blocking the Quick UDP Internet Connections (QUIC) protocol to prevent potentially dangerous encrypted traffic from entering the network.

Book Image

SSL Decryption Exposes Encrypted Malware

What Is a Best Practice Internet Gateway Security Policy?


Segment Your Network Using Interfaces and Zones


Videos

Strengthen Your Internet Gateway

Interzone Deny Rule Logging Best Practice Settings Check

Ensure that you modify the default interzone deny rule to enable logging and follow network security best practices.

BPA+ YouTube Channel


Click "View BPA+ Playlist" to access all of the BPA+ videos, including best practice network security checks and a demo.

DNS Sinkhole Best Practice Settings Check

Ensure that your DNS Sinkhole configuration follows network security best practices.

Intrazone Allow Rule Logging Best Practice Settings Check

Ensure that you modify the default intrazone allow rule to enable logging and follow network security best practices.

High Risk IP Address Feed (Inbound) Best Practices Check

Ensure that your configuration implements best practices for the inbound high risk IP addresses feed.

URL Filtering Profile Allow Categories Best Practice Settings Check

Ensure that your URL Filtering allow category settings follow network security best practices.

Antivirus Profile Decoder Actions Best Practice Settings Check

Ensure that your Antivirus profile configuration follows network security best practices for decoder actions.

High Risk IP Address Feed (Outbound) Best Practices Check

Ensure that your configuration implements best practices for the outbound high risk IP addresses feed.

URL Filtering Profile Allow Categories Best Practice Settings Check

Ensure that your URL Filtering allow category settings follow network security best practices.

Antivirus Profile WildFire Decoder Actions Best Practice Settings Check

Ensure that your Antivirus profile configuration follows network security best practices for WildFire decoder actions.

Malicious IP Address Feed (Outbound) Best Practice Check

Ensure that your configuration implements best practices for the malicious IP address feed (outbound).

Malicious IP Address Feed (Inbound) Best Practice Check

Ensure that your configuration implements best practices for the malicious IP address feed (inbound).