Best Practice Checks

Evaluate your live configuration against Palo Alto Networks best practices.
Palo Alto Networks best practices are designed to help you get the most out of Prisma Access Cloud Management and are best securing your network. We’ve built best practice checks directly in to Prisma Access, so that you can get a live evaluation of your configuration.
Best practice checks are available for:
  • Your security policy rulebase
    Rulebase checks look at how security policy is organized and managed, including configuration settings that apply across many rules.
  • Security rules
  • Security profiles
    • Anti-Spyware
    • Vulnerability Protection
    • WildFire and Antivirus
    • URL Access Management
    • DNS Security
  • Authentication
  • Decryption
  • GlobalProtect
Best practice guidance aims to help you bolster your security posture, but also to help you manage your environment efficiently and to best enable user productivity. Continually assess your configuration against these inline checks—and when you see an opportunity to improve your security, take action then and there.
There are several different views Prisma Access Cloud Management provides you into your best practice adoption:
Overall Best Practice View
To get started, you can quickly assess your overall security posture by checking the
page, go to
Service Setup
Here you can see how you’re doing at a high-level and pinpoint areas where you might want to start taking action.
Best Practice Scores
Best practice scores are displayed on a feature dashboard (security policy, decryption, or URL Access Control, for example). These scores gives you a quick view into your best practice progress. At a glance, you can identify areas for further investigation or where you want to take action to improve your security posture.
Best Practice Field Checks
Field-level checks show you exactly where your configuration does not align with a best practice. Best practice guidance is provided inline, so you can immediately take action.
Best Practice Assessment
Here you can get a comprehensive view into how your implementation of feature aligns with best practices. Examine failed checks to see where you can make improvements (you can also review passed checks). Rulebase checks highlight configuration changes you can make outside of individual rules, for example to a policy object that is used across several rules.
Use this dashboard to measure your security posture against Palo Alto Networks’ guidance and check for CIS Critical Security Controls (CSC) compliance. You can share the best practice report as a PDF and schedule it to be regularly delivered to your inbox.
  • Go to
    Best Practices
    to get started.
Looking for more on Palo Alto Networks best practices?
Here’s the best practice homepage, where you can find resources to help you transition to and implement best practices. Keep in mind that the topics here cover best practice implementation on a PAN-OS next-gen firewall; while the workflows and sometimes the feature support varies from Prisma Access Cloud Management, the best practice guidance remains the same.

Recommended For You