Use Palo Alto Networks’ extensive monitoring tools, logging tools, predefined reports, and
custom reports to capture and monitor activity for unexpected applications,
users, traffic, and behaviors.
Create custom reports to monitor the block rules, which protect
against potential attacks and also identify policy gaps and unexpected
behaviors so you can tune the rulebase.
Create a custom report to log intra-data-center traffic
that matches the predefined intrazone-default allow rule at the bottom of
the rulebase, which allows all traffic within the same zone by default.
Enable logging on and create a custom report for data
center traffic that matches the predefined interzone-default rule at the bottom of
the rulebase, which denies all traffic between zones by default.
Listen and respond to user feedback.
User complaints about losing access to applications identifies
gaps in the rulebase or risky applications that were in use on your
network before application whitelisting prevented their use.
Periodically compare the baseline measurements you took
during the planning stage to the current measurements to evaluate
progress, identify changes, and find areas of improvement.
At the same time, revisit your goal for the ideal future
state of the network to assess progress. If you manage firewalls
with Panorama, monitor firewall health to compare devices
to their baseline performance and to each other to identify deviations
from normal behavior.
Evolve application whitelist rules over time because
applications evolve, user requirements change, and content updates modify existing
App-IDs and introduce new App-IDs.