Deploy Data Center Best Practices

If you’re already familiar with Palo Alto Networks’ platform, this checklist streamlines deploying security best practices in your data center to safeguard your most valuable assets.
Implement data center best practices when you create Security profiles, Decryption profiles, Security policy rules, Authentication policy rules, and Decryption policy rules.
For Security, Authentication, and DoS policy rules, configure log forwarding to Panorama or to external services to centralize logs for convenient viewing, analysis, and notifications.
  • Global Data Center Objects, Policies, and Actions—Create custom applications to identify and control proprietary applications with Security policy in the data center, configure strict Security profiles (Antivirus, Anti-Spyware, Vulnerability Protection, File Blocking, and WildFire Analysis), configure strict Decryption profiles and policies, block traffic that you know is malicious or unnecessary, and install Cortex XDR Agent on endpoints to protect them.
  • User Data Center Traffic Policies—Configure strict Security policy rules to allow only appropriate access, ensure that users are authenticated, and decrypt the traffic.
  • Internet-to-Data-Center Traffic Policies—Prevent risks such as downloading malware from an infected external server, having command-and-control malware placed on data center endpoints, allowing inadvertent access, and DoS attacks intended to disrupt data center availability.
  • Data-Center-to-Internet Traffic Policies—Prevent risks such as data exfiltration, command-and-control malware that attempts to reach out to the internet and "call home", and other malware on compromised servers that attempts to download more malware.
  • Intra-Data-Center Traffic Policies—Prevent lateral movement of malware, allow only sanctioned applications that are required for business, and decrypt and log the traffic.
  • Data Center Security Policy Rulebase Order—Rule order in the Security policy rulebase is critical for two reasons: after traffic matches a rule, the firewall executes that rule's action and takes no other action on the traffic, and rules can shadow one another. Follow Security Policy Rulebase Best Practices to avoid shadowing and to understand how to order the rulebase.
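
To make the rulebase-order point concrete, the following added example (not Palo Alto Networks code and not PAN-OS syntax) models first-match evaluation and flags rules that an earlier rule shadows. The `Rule` fields, the zone names and the sample rulebase are assumptions constructed for illustration; a real rule has more match criteria (users, services, addresses).

```python
from dataclasses import dataclass

ANY = frozenset({"any"})

def fs(*items):
    return frozenset(items)

@dataclass(frozen=True)
class Rule:
    # Simplified, hypothetical model of a Security policy rule.
    name: str
    src_zones: frozenset
    dst_zones: frozenset
    apps: frozenset
    action: str

def covers(outer, inner):
    """True if match set `outer` includes everything `inner` can match."""
    return outer == ANY or (inner != ANY and inner <= outer)

def matches_all(earlier, later):
    """True if `earlier` matches every session that `later` could match."""
    return (covers(earlier.src_zones, later.src_zones)
            and covers(earlier.dst_zones, later.dst_zones)
            and covers(earlier.apps, later.apps))

def first_match(rulebase, src_zone, dst_zone, app):
    """Top-down evaluation: the first matching rule decides the action."""
    session = Rule("session", fs(src_zone), fs(dst_zone), fs(app), "")
    for rule in rulebase:
        if matches_all(rule, session):
            return rule
    return None  # no rule matched (stands in for the default deny)

def shadowed_rules(rulebase):
    """Return (shadowed, shadowing) name pairs for rules that can never match."""
    pairs = []
    for i, later in enumerate(rulebase):
        for earlier in rulebase[:i]:
            if matches_all(earlier, later):
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed sample: the broad allow sits above the specific deny.
RULEBASE = [
    Rule("allow-web-to-app", fs("web"), fs("app"), ANY, "allow"),
    Rule("block-ssh-web-to-app", fs("web"), fs("app"), fs("ssh"), "deny"),
    Rule("allow-app-to-db-sql", fs("app"), fs("db"), fs("mysql"), "allow"),
]
```

Moving the specific deny above the broad allow removes the shadow, and SSH from the web zone to the app zone is then denied as intended.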