Use the Best Practice Assessment (BPA) tool to check
the objects configuration (Security and Decryption profiles, Tags,
etc.) to identify weaknesses to improve.
all checks related to different types of firewall objects, and begins
page. Select the
object you want to review to understand the existing configuration
and to identify potential gaps in best practice configuration related
to Application Filters, Tags, GlobalProtect, Security profiles,
Log Forwarding, and Decryption profiles. The following example shows
the result when you select the Antivirus Security profile object.
For each Antivirus profile, the report shows the current configuration
and how many rules use the profile. The report shows the best practice
check results below the current configuration with pass/fail status
and recommendations for failed best practice checks. Click help
the rationale for each check and links to best practice documentation.
When one or more checks fail, the profile title turns red. The
report lists profiles that aren’t in use at the bottom with a yellow
The “QS” button next to some of the profile page links on the
left of the screen connect you to the QuickStart Service options.
helps you increase
your security capabilities and investments by helping you plan and
execute your firewall-as-a-platform implementation. The
help you understand, create, and deploy the
When you review the
tab, at a
minimum, review the following items to help understand the potential
scope of remediation:
for both Antivirus and WildFire.
—Strict Profile, DNS Sinkhole.
—Whether known bad categories are blocked.
—Profile File Types (all types should
be sent to WildFire for analysis).
—Whether all log types are forwarded
(forward all log types).