Improve Visibility into Traffic

Maximize Security profile adoption. After you Review the Adoption Summary and identify gaps in adoption, remediate the gaps using the safe transition steps to move toward a full best practice Security profile implementation.
Maximize Logging adoption (including Log Forwarding) across the Security policy rulebase to inspect
all
traffic.
Configure best practices for dynamic content updates to ensure the firewall has the latest application and threat signatures to protect your network and that you deploy updates based on your network security and availability requirements.
Plan your SSL Decryption deployment based on best practices.
Enable User-ID in user zones (internal, trusted zones from which users initiate traffic) to map application traffic and associated threats to users and devices.
Don’t enable User-ID in external untrusted zones. If you enable User-ID (or client probing such as WMI) on an external untrusted zone, probes could be sent outside your protected network and expose User-ID information such as the User-ID Agent service account name, domain name, and encrypted password hash, which could enable an attacker to compromise your network.
Reduce or eliminate Application Override rules so you can inspect the applications and content these rules control (an Application Override rule is a layer 4 rule that doesn’t allow the firewall to inspect the traffic). Eliminate the need for or reduce the scope of basic Application Override rules:
Validate whether the use case for the rule still exists. Often, an Application Override rule was created to overcome a specific issue related to performance, protocol decoders, or unknown applications. Over time, PAN-OS updates, content updates, or hardware upgrades may remove the need for some Application Override rules. If you run PAN-OS 9.0 or later on firewalls or PAN-OS 9.0 or later on a Panorama managing firewalls running PAN-OS 8.1 (or later), you can use Policy Optimizer to transform the rule to a layer 7 rule.
Reduce the scope of the Application Override rule so it only affects the minimum possible amount of traffic. Rules that are defined too broadly may override more traffic than necessary or intended. Define source and destination zones, address, and/or ports in each Application Override rule to limit the rule’s scope as much as possible.
Create layer 7 custom applications for internal applications.
Create Service objects with custom timeout values.
Plan to deploy DoS and Zone Protection and take baseline CPS measurements so you can set reasonable flood protection thresholds.