Now that you have integrated the firewall into your network and enabled the basic security features, you can begin configuring more advanced features. Here are some things to consider next:
Learn about the different
Management Interfaces that are available to you and how to access and use them.Replace the Certificate for Inbound Management Traffic. By default, the firewall ships with a default certificate that enables HTTPS access to the web interface over the management (MGT) interface or any other interface that supports HTTPS management traffic. To improve the security of inbound management traffic, replace the default certificate with a new certificate issued specifically for your organization.
Configure a best-practice security policy rulebase to safely enable applications and protect your network from attack. See
Best Practice Internet Gateway Security Policy for details.
Set up
High Availability—High availability (HA) is a configuration in which two firewalls are placed in a group and their configuration and session tables are synchronized to prevent a single point to failure on your network. A heartbeat connection between the firewall peers ensures seamless failover in the event that a peer goes down. Setting up a two-firewall cluster provides redundancy and allows you to ensure business continuity.
Manage Firewall Administrators—Every Palo Alto Networks firewall and appliance is preconfigured with a default administrative account (admin) that provides full read-write access (also known as superuser access) to the firewall. As a best practice, create a separate administrative account for each person who needs access to the administrative or reporting functions of the firewall. This allows you to better protect the firewall from unauthorized configuration (or modification) and to enable logging of the actions of each individual administrator.
Enable User Identification (
User-ID)—User-ID is a Palo Alto Networks next-generation firewall feature that allows you to create policies and perform reporting based on users and groups rather than individual IP addresses.
Enable
Decryption—Palo Alto Networks firewalls provide the capability to decrypt and inspect traffic for visibility, control, and granular security. Use decryption on a firewall to prevent malicious content from entering your network or sensitive content from leaving your network concealed as encrypted or tunneled traffic.
Enable Passive DNS Collection for Improved Threat Intelligence—Enable this opt-in feature to enable the firewall to act as a passive DNS sensor and send select DNS information to Palo Alto Networks for analysis in order to improve threat intelligence and threat prevention capabilities.
Follow the
Best Practices for Securing Your Network from Layer 4 and Layer 7 Evasions.
Best Practices for Completing the Firewall Deployment
Best Practices for Completing the Firewall Deployment Now that you have integrated the firewall into your network and enabled the basic security features, you can ...
Best Practices for Completing the Firewall Deployment
Best Practices for Completing the Firewall Deployment Now that you have integrated the firewall into your network and enabled the basic security features, you can ...
Best Practices for Completing the Firewall Deployment
Best Practices for Completing the Firewall Deployment Now that you have integrated the firewall into your network and enabled the basic security features, you can ...
Getting Started
Getting Started The following topics provide detailed steps to help you deploy a new Palo Alto Networks next-generation firewall. They provide details for integrating a ...
Getting Started
Getting Started The following topics provide detailed steps to help you deploy a new Palo Alto Networks next-generation firewall. They provide details for integrating a ...
Getting Started
Getting Started The following topics provide detailed steps to help you deploy a new Palo Alto Networks next-generation firewall. They provide details for integrating a ...
Manage Firewall Administrators
Manage Firewall Administrators Administrative accounts specify roles and authentication methods for the administrators of Palo Alto Networks firewalls. Every Palo Alto Networks firewall has a ...
Manage Firewall Administrators
Manage Firewall Administrators Administrative accounts specify roles and authentication methods for the administrators of Palo Alto Networks firewalls. Every Palo Alto Networks firewall has a ...
Manage Firewall Administrators
Manage Firewall Administrators Administrative accounts specify roles and authentication methods for the administrators of Palo Alto Networks firewalls. Every Palo Alto Networks firewall has a ...
Best Practices for Securing Administrative Access
Learn the best practices for securing administrative access to your firewalls to prevent successful cyberattacks through an exposed management interface. ...