Review Best Practice Device and Panorama Management Configuration

Use the Best Practice Assessment (BPA) tool to check the management configuration (admin roles, authentication, log settings, etc.) to identify weaknesses.
The
Device
and
Panorama
tabs show all checks related to device management configuration. Select the device management check you want to review to understand the existing configuration and to identify potential gaps in best practice configuration related to firewall and Panorama device management. The following example shows the result for General Settings for the firewall (click
Panorama
to see the Panorama check results).
device-panorama-checks.png
The report shows the current configuration for each item. The best practice check results for each item appears below its current configuration. When viewing information for a
Device
, you can specify a
Template
to limit the scope of the information displayed.
Each check has pass/fail status and recommendations for failed best practice checks. Click the question mark for the rationale for each check and links to best practice documentation. When one or more checks fail, the item’s title turns red.
When you review the
Device
or
Panorama
tab, at a minimum, review the following items to help understand the potential scope of remediation:
  • Dynamic Updates
    —Antivirus, Apps, Threats, and WildFire updates.
  • Management Interface Settings
    —Network Connectivity Services, Permitted IP Addresses.
  • Administrators
    —Local Admins, Administrator Password profile. Check
    Device
    Administrators
    or
    Panorama
    Administrators
    to ensure Administrators’ passwords are configured with the minimum required complexity.
  • Minimum Password Complexity
    —Password minimum complexity requirements check.

Recommended For You