Review Best Practice Objects Configuration
Use the Best Practice Assessment (BPA) tool to check
the objects configuration (Security and Decryption profiles, Tags,
etc.) to identify weaknesses to improve.
The
Objects
tab
shows all checks related to different types of firewall objects.
Select the type of object you want to review to understand the existing
configuration and to identify potential gaps in best practice configuration
related to Tags, GlobalProtect, Security profiles, Log Forwarding, and
Decryption profiles. The following example shows the result for
an Antivirus Security profile.
For each profile, the report shows the current configuration
and how many rules use the profile. The report shows the best practice
check results below the current configuration with pass/fail status
and recommendations for failed best practice checks. Click help
for the rationale for each check and links to best practice documentation.
When one or more checks fail, the profile title turns red. The
report lists profiles that aren’t in use at the bottom with a yellow
title.
When you review the
Objects
tab, at a
minimum, review the following items to help understand the potential
scope of remediation:- Antivirus—Decoder actions for both Antivirus and WildFire.
- Anti-Spyware—Strict Profile, DNS Sinkhole.
- Vulnerability Protection—Strict Profile.
- URL Filtering—Whether known bad categories are blocked.
- WildFire Analysis—Profile File Types (all types should be sent to WildFire for analysis).
- Log Forwarding—Whether all log types are forwarded (forward all log types).
