![]() ![]() Use it as a check list for new installations.Use it to (regularly) review existing customer’s configuration and pinpoint insecure policies.The BPA tool is easy to use and provides an instant report. The tool performs more than 200 security checks on a firewall or Panorama configuration and provides a pass/fail score for each check. The Best Practice Assessment (BPA) tool, created by Palo Alto Networks, evaluates a device’s configuration by measuring the adoption of capabilities, validating whether the policies adhere to best practices, and providing recommendations and instructions for how to remediate failed best practice checks. More information can be found on the Palo Alto Networks Live platform. ![]() The tool comes as a free download at GitHub. Tag rules and objects based on match criteria to create a more structured rulebase or highlight unsecure policies which need reviewing.Find duplicate objects and replace or merge them.Add a security profile (group) to all security policies which match certain characteristics like Zone, Dervice, Tag, … Example: Apply a stricter security profile to all policies which allow outbound web traffic.The tool can be used to manage large rulebases, execute complex rule merges, track unused objects and other actions which are not directly offered by the standard GUI. It may seem a little complex compared to the GUI based approach of the Palo Alto platform, but the commands are straightforward and the documentation provides some examples to get you started. PAN-Configurator is a PHP library aimed at making PANOS config changes easy.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |