Best Practices in NGFWs
Focus
Focus
Next-Generation Firewall

Best Practices in NGFWs

Table of Contents

Best Practices in NGFWs

Learn about best practices in NGFWs.
Where Can I Use This?
What Do I Need?
  • NGFW (Cloud Managed)
  • NGFW (PAN-OS or Panorama Managed)
  • VM-Series, funded with Software NGFW Credits
  • AIOps for NGFW Free (use the AIOps for NGFW Free app)
    or
  • AIOps for NGFW Premium license (use the Strata Cloud Manager app)
AIOps for NGFW helps you tighten security posture by aligning with best practices. You can leverage AIOps for NGFW to assess your Panorama, NGFW, and Panorama-managed Prisma Access security configurations against best practices and remediate failed best practice checks. AIOps for NGFW streamlines the process of checking InfoSec compliance on your network infrastructure.
AIOps for NGFW is free, and the following AIOps Best Practice Assessment (BPA) capabilities are available without an AIOps premium license. For the full list of available Best Practice features, see Built-In Best Practices:
  • Check the Best Practices Dashboard for daily best practices reports, and their mapping to Center for Internet Security’s Critical Security Controls (CSC) checks, to help you identify areas where you can make changes to improve your best practices compliance. Share the best practice report as a PDF and schedule it to be regularly delivered to your inbox.
  • Monitor Feature Adoption and stay abreast of which security features you’re using in your deployment and potential gaps in coverage.
  • Get Security Posture Alerts from AIOps for NGFW to know when your security settings may need a closer look.
    Command Line Interface (CLI) remediations are also available in AIOps for NGFW under
    Alerts
    Security
    Alert Details
    . View recommendations intended to help you to remediate the issues triggering an alert.
    Security alerts and CLI remediations are available only for devices sharing telemetry. This feature doesn’t support Tech Support File (TSF) manual upload for PAN-OS devices running versions 9.1 and above.
  • Generate BPA reports for (non-telemetry) PAN-OS devices running versions 9.1 and above, now including feature adoption metrics. If you’ve been using the BPA standalone tool to generate BPA reports, you might be wondering “Can I Still Generate BPA Reports from the Customer Support Portal?” We’ve got you covered as well.
With a premium license, AIOps for NGFW also offers advanced security posture capabilities. Premium features focus on ensuring full utilization and maximal security from your firewalls. Check out what both free and premium licenses have to offer.

Recommended For You