Review Best Practice Network Configuration

Use the Best Practice Assessment (BPA) tool to check the network configuration (GlobalProtect, Zones, etc.) to identify weaknesses to improve.
The
Network
tab shows all checks for network-related configuration. On the left nav, select the network check you want to review to understand the existing configuration and to identify potential gaps in best practice configuration related to Zones, GlobalProtect, IPsec Crypto, and Zone Protection profiles. The following example shows the result for Zones.
network-checks.png
The report shows the current configuration for each item. The best practice check results for each item appears below its current configuration. You can specify a
Device Group
and/or
Template
to limit the scope of the information displayed.
Each check has pass/fail status and recommendations for failed best practice checks. Click help for the rationale for each check and links to best practice documentation. When one or more checks fail, the item’s title turns red.
When you review the
Network
tab, at a minimum, review the following items to help understand the potential scope of remediation:
  • Zones
    —Whether each zone has Packet Buffer Protection enabled and has a Zone Protection profile.
  • Zone Protection
    —Whether Flood Protection and Packet-Based Attack Protection are enabled.

Recommended For You