Expand all | Collapse all
Access and Run the BPA
Run the Best Practice Assessment on a firewall Tech Support
File from the Customer Support Portal to generate a detailed report
of your best practice adoption.
Access the Best Practice Assessment (BPA)
from the
Customer Support Portal. Super
User accounts automatically have access to the BPA and can assign
the
BPA User
role to a Standard User’s profile so that the
Standard User can run the BPA. This procedure shows Super Users
how to give access to Standard Users and how to run the BPA. You
can also view short videos on
how to run a BPA and
how to understand the results.
In
addition, if you subscribe to the Premium (on or after Nov 1, 2019)
or Platinum Support Contract, you have the opportunity to prepare
for and activate
Security Assurance. Security
Assurance provides access to Palo Alto Networks security experts
and tools to help with initial incident investigation. We strongly
recommend that you run the BPA to measure your adoption of
seven key security
capabilities and to ensure that your adoption rate is at
least equal to your industry’s average adoption rate so that your
network is better protected. The combination of the Premium or Platinum
support contract and a recent BPA measurement that shows your adoption
rate for the seven key security capabilities meets your industry’s
average automatically activates Security Assurance.
In
Panorama-managed environments, Panorama may manage large numbers
of next-generation firewalls. Should you run the BPA on Panorama or
on each individual firewall? The tradeoffs are:
Running
the BPA on Panorama is fast, convenient, and assesses most of the
capabilities of the managed firewalls, but does not examine local firewall
overrides.
Running the BPA on each managed firewall assesses the complete
configuration (including local overrides) but takes much more time.
The
most practical method is to run the BPA on Panorama first. Examine
the results, decide if you need to focus on any particular managed
devices, and then run the BPA on those devices. This method saves
time while still focusing on relevant information that enables you
to improve your security posture.
Access the BPA from the Customer Support Portal
Superusers can assign permission to Standard Users so
they can run the BPA any time from the Palo Alto Networks Technical
Support Portal.
From the Customer Support Portal’s authentication
home screen, select .
Click the pencil icon to edit the Standard User to whom
you want to assign BPA permissions.
Select the
BPA User
role and then
click the update check mark to add the new role.
The Standard User now has the BPA User role privileges.
Super Users and Standard Users with the BPA User role
can log in to the Customer Support Portal to access and run the
BPA ().
Generate and Download a BPA Report
Generate a Best Practice Assessment any time from the
Palo Alto Networks Technical Support Portal to check and improve
your security posture.
After you gain access to the BPA, you can
generate a BPA report for a Panorama appliance or for a next-generation
firewall.
If possible, generate BPA
reports for Panorama appliances instead of individual next-generation
firewalls to gain complete visibility into all of the firewalls
in your environment in one report. Generate reports on a regular
basis to measure progress toward adopting security capabilities
and security best practices.
Drag or drop a
Tech Support File (.tgz
file) in the Customer Support Portal window or browse for a Tech
Support File.
Super Users can create Tech Support Files ( or ).
Optionally, map each zone to the area of architecture,
or click
Skip this step
to run the BPA without
mapping zones.
Drag and drop the architectural value from Architecture
Classification, use the
Classification
drop-down
to select a value, or select multiple check boxes to select multiple
zones and then apply a value to all of the selected zones at one
time.
Identify the industry mapped to your account, and generate
and download the BPA report (
Generate & Download Report
).
You can change the industry against which the BPA compares
your results using the drop-down. If you want to change anything
before you generate the report, you can also go back and make those
changes.
Generate & Download Report
downloads
the detailed BPA report, the Executive Summary report, and a spreadsheet
that shows failed best practice checks to the system from which
you accessed and ran the BPA.
The generated BPA displays the Executive Summary and
informs you that the detailed HTML report was downloaded to your
computer.
Now that you know how to run the BPA, go to the
Customer Support Portal and try it out
today (or contact your Palo Alto Networks SE or partner to run the
BPA) to begin the transition to a more secure network.
If you subscribe to the Premium (on or after November
1, 2019) or Platinum Support Contract, use the BPA to prepare your
security posture to take advantage of
Security Assurance, which
helps with initial incident investigation.