Access and Run the BPA
Run the Best Practice Assessment on a firewall Tech Support
File from the Customer Support Portal to generate a detailed report
of your best practice adoption.
Access the Best Practice Assessment (BPA)
from the Customer Support Portal. Super
User accounts automatically have access to the BPA and can assign
the
BPA User
role to a Standard User’s profile so that the
Standard User can run the BPA. This procedure shows Super Users
how to give access to Standard Users and how to run the BPA. You
can also view short videos on how to run a BPA and how to understand the results.In
addition, if you subscribe to the Premium (on or after Nov 1, 2019)
or Platinum Support Contract, you have the opportunity to prepare
for and activate Security Assurance. Security
Assurance provides access to Palo Alto Networks security experts
and tools to help with initial incident investigation. We strongly
recommend that you run the BPA to measure your adoption of seven key security
capabilities and to ensure that your adoption rate is at
least equal to your industry’s average adoption rate so that your
network is better protected. The combination of the Premium or Platinum
support contract and a recent BPA measurement that shows your adoption
rate for the seven key security capabilities meets your industry’s
average automatically activates Security Assurance.
In
Panorama-managed environments, Panorama may manage large numbers
of next-generation firewalls. Should you run the BPA on Panorama or
on each individual firewall? The tradeoffs are:
- Running the BPA on Panorama is fast, convenient, and assesses most of the capabilities of the managed firewalls, but does not examine local firewall overrides.
- Running the BPA on each managed firewall assesses the complete configuration (including local overrides) but takes much more time.
The
most practical method is to run the BPA on Panorama first. Examine
the results, decide if you need to focus on any particular managed
devices, and then run the BPA on those devices. This method saves
time while still focusing on relevant information that enables you
to improve your security posture.
Access the BPA from the Customer Support Portal
Superusers can assign permission to Standard Users so
they can run the BPA any time from the Palo Alto Networks Technical
Support Portal.
- From the Customer Support Portal’s authentication home screen, select.MembersManage Users
- Click the pencil icon to edit the Standard User to whom you want to assign BPA permissions.
- Select theBPA Userrole and then click the update check mark to add the new role.
- The Standard User now has the BPA User role privileges.
- Super Users and Standard Users with the BPA User role can log in to the Customer Support Portal to access and run the BPA ().ToolsRun Best Practice Assessment
Generate and Download a BPA Report
Generate a Best Practice Assessment any time from the
Palo Alto Networks Technical Support Portal to check and improve
your security posture.
After you gain access to the BPA, you can
generate a BPA report for a Panorama appliance or for a next-generation
firewall.
If possible, generate BPA
reports for Panorama appliances instead of individual next-generation
firewalls to gain complete visibility into all of the firewalls
in your environment in one report. Generate reports on a regular
basis to measure progress toward adopting security capabilities
and security best practices.
- Drag or drop a Tech Support File (.tgz file) in the Customer Support Portal window or browse for a Tech Support File.Super Users can create Tech Support Files (orDeviceSupportTech Support File).PanoramaSupportTech Support File
- Optionally, map each zone to the area of architecture, or clickSkip this stepto run the BPA without mapping zones.Drag and drop the architectural value from Architecture Classification, use theClassificationdrop-down to select a value, or select multiple check boxes to select multiple zones and then apply a value to all of the selected zones at one time.
- Identify the industry mapped to your account, and generate and download the BPA report (Generate & Download Report).You can change the industry against which the BPA compares your results using the drop-down. If you want to change anything before you generate the report, you can also go back and make those changes.Generate & Download Reportdownloads the detailed BPA report, the Executive Summary report, and a spreadsheet that shows failed best practice checks to the system from which you accessed and ran the BPA.
- The generated BPA displays the Executive Summary and informs you that the detailed HTML report was downloaded to your computer.
- Now that you know how to run the BPA, go to the Customer Support Portal and try it out today (or contact your Palo Alto Networks SE or partner to run the BPA) to begin the transition to a more secure network.If you subscribe to the Premium (on or after November 1, 2019) or Platinum Support Contract, use the BPA to prepare your security posture to take advantage of Security Assurance, which helps with initial incident investigation.
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.