Best Practices for Migrating to Application-Based Policy
Use Expedition and Policy Optimizer to migrate legacy
firewall security policy to a Palo Alto Networks next-generation
firewall or Panorama.
You don’t have to sacrifice better security for application
availability. Instead, use
Expedition and
Policy Optimizer to automate
and reduce the time and effort required to migrate from a port-based
Security policy on a legacy firewall to an application-based Security
policy on a Palo Alto Networks next-generation firewall or Panorama
appliance in a phased, safe manner.
- Decryption (you can't defend yourself
against threats into which you have no visibility)
- Security policy (includes Security policy
rule construction, rulebase order and hygiene, the App-ID Cloud Engine (ACE), Policy
Optimizer, SaaS Policy Recommendation, and IoT Policy Recommendation)
- Zero Trust (how to lock down your
network)
- DoS & Zone Protection (including
Packet Buffer Protection)
- Administrative Access (protect access to
firewalls and management devices)
-
-
-
Also ensure that you have the proper
subscriptions to support your network
security, including Advanced Threat Prevention, DNS Security, Advanced URL Filtering,
IoT Security, GlobalProtect, SaaS Security, etc.