Review Best Practice Device and Panorama Management Configuration
Use the Best Practice Assessment (BPA) tool to check
the management configuration (admin roles, authentication, log settings,
etc.) to identify weaknesses.
and pages
show all checks related to device management setup and configuration.
On standalone firewalls, begins on the firewall
device’s General Settings for Management Setup page. On Panorama, begins
on the page that shows general settings for each template stack. begins
on the device’s General Settings for Management Setup page. Select
the check you want to review to understand the existing configuration
and to identify potential gaps in best practice configuration related
to firewall and Panorama device management. The following example
shows the result for General Settings on a Panorama device.
The report shows the current configuration for each item. The
best practice check results for each item appears below its current
configuration. When viewing information for a
Device
,
you can specify a Template
to limit the scope
of the information displayed.Each check has pass/fail status and recommendations for failed
best practice checks. Click help (
) for
the rationale for each check and links to best practice documentation.
When one or more checks fail, the item’s title turns red.
) for
the rationale for each check and links to best practice documentation.
When one or more checks fail, the item’s title turns red. When you review the
Device
or Panorama
tab,
at a minimum, review the following items to help understand the
potential scope of remediation:- Dynamic Updates—Antivirus, Apps, Threats, and WildFire updates.
- Management Interface Settings—Network Connectivity Services, Permitted IP Addresses.
- Administrators—Local Admins, Administrator Password profile. Check or to ensure Administrators’ passwords are configured with the minimum required complexity.
- Minimum Password Complexity—Password minimum complexity requirements check.
