1. Home
    2. Best Practices
    3. Internet Gateway Best Practice Security Policy

    One of the cheapest and easiest ways for an attacker to gain access to your network is through users accessing the internet. By successfully exploiting an endpoint, an attacker can take hold in your network and begin to move laterally towards the end goal, whether that is to steal your source code, exfiltrate your customer data, or take down your infrastructure. To protect your network from cyberattack and improve your overall security posture, implement a best practice internet gateway security policy. Use the guidelines in this site to plan, deploy, and maintain your internet gateway best practice security policy.

    What Do You Want To Do?

    Identify Whitelist Applications

    Create User Groups for Access to Whitelist Applications

    Decrypt Traffic for Full Visibility and Threat Inspection

    Create Best Practice Security Profiles for the Internet Gat...

    Define the Initial Internet Gateway Security Policy

    Featured Topics

    What Is a Best Practice Internet Gateway Security Policy?

    Learn About It
    Book Image

    SSL Decryption Exposes Encrypted Malware

    Expose Malware Now
    Book Image

    Best Practice for Internet Gateway Security Policy

    Learn IG Best Practice

    Segment Your Network Using Interfaces and Zones

    Segment Your Network

    Videos

    Strengthen Your Internet Gateway

    Interzone Deny Rule Logging Best Practice Settings Check

    Ensure that you modify the default interzone deny rule to enable logging and follow network security best practices.

    BPA+ YouTube Channel

    Click "View BPA+ Playlist" to access all of the BPA+ videos, including best practice network security checks and a demo.

    View BPA+ Playlist

    DNS Sinkhole Best Practice Settings Check

    Ensure that your DNS Sinkhole configuration follows network security best practices.

    Intrazone Allow Rule Logging Best Practice Settings Check

    Ensure that you modify the default intrazone allow rule to enable logging and follow network security best practices.

    High Risk IP Address Feed (Inbound) Best Practices Check

    Ensure that your configuration implements best practices for the inbound high risk IP addresses feed.

    URL Filtering Profile Allow Categories Best Practice Settings Check

    Ensure that your URL Filtering allow category settings follow network security best practices.

    Antivirus Profile Decoder Actions Best Practice Settings Check

    Ensure that your Antivirus profile configuration follows network security best practices for decoder actions.

    High Risk IP Address Feed (Outbound) Best Practices Check

    Ensure that your configuration implements best practices for the outbound high risk IP addresses feed.

    URL Filtering Profile Allow Categories Best Practice Settings Check

    Ensure that your URL Filtering allow category settings follow network security best practices.

    Antivirus Profile WildFire Decoder Actions Best Practice Settings Check

    Ensure that your Antivirus profile configuration follows network security best practices for WildFire decoder actions.

    Malicious IP Address Feed (Outbound) Best Practice Check

    Ensure that your configuration implements best practices for the malicious IP address feed (outbound).

    Malicious IP Address Feed (Inbound) Best Practice Check

    Ensure that your configuration implements best practices for the malicious IP address feed (inbound).

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo