Best Practices for Getting Started with NGFWs

• Follow the Adminstrative Access Best Practices to make sure you are properly securing the management interfaces.
• Configure a best-practice security policy rulebase to safely enable applications and protect your network from attack. Go to the Best Practices page and select security policy best practice for your NGFW deployment.
• Set up High Availability—High availability (HA) is a configuration in which two NGFWs are placed in a group and their configuration and session tables are synchronized to prevent a single point to failure on your network. A heartbeat connection between the NGFW peers ensures seamless failover in the event that a peer goes down. Setting up a two-NGFW cluster provides redundancy and allows you to ensure business continuity.
• Enable User Identification (User-ID)—User-ID is a Palo Alto Networks next-generation NGFW feature that allows you to create policies and perform reporting based on users and groups rather than individual IP addresses.
• Enable Decryption—Palo Alto Networks NGFWs provide the capability to decrypt and inspect traffic for visibility, control, and granular security. Use decryption on a NGFW to prevent malicious content from entering your network or sensitive content from leaving your network concealed as encrypted or tunneled traffic.
• Follow the Best Practices for Securing Your Network from Layer 4 and Layer 7 Evasions.
• Share Threat Intelligence with Palo Alto Networks —Permit the NGFW to periodically collect and send information about applications, threats, and device health to Palo Alto Networks. Telemetry includes options to enable passive DNS monitoring and to allow experimental test signatures to run in the background with no impact to your security policy rules, NGFW logs, or NGFW performance. All Palo Alto Networks customers benefit from the intelligence gathered from telemetry, which Palo Alto Networks uses to improve the threat prevention capabilities of the NGFW.