Focus

Best Practices for Migrating to Application-Based Policy

Table of Contents

Best Practices for Migrating to Application-Based Policy

Use Expedition and Policy Optimizer to migrate legacy firewall security policy to a Palo Alto Networks next-generation firewall or Panorama.

You don’t have to sacrifice better security for application availability. Instead, use Expedition and Policy Optimizer to automate and reduce the time and effort required to migrate from a port-based Security policy on a legacy firewall to an application-based Security policy on a Palo Alto Networks next-generation firewall or Panorama appliance in a phased, safe manner.

After migrating legacy policy to application-based policy, use the on-demand BPA report in the Strata Cloud Manager to identify areas to improve security, use the Adoption Summary to identify gaps in security capability adoption, and visit the Best Practices Documentation Portal, which provides specific planning, deployment, and maintenance best practices steps for a variety of features, capabilities, and security goals, including:

Decryption (you can't defend yourself against threats into which you have no visibility)
Security policy (includes Security policy rule construction, rulebase order and hygiene, the App-ID Cloud Engine (ACE), Policy Optimizer, SaaS Policy Recommendation, and IoT Policy Recommendation)
Zero Trust (how to lock down your network)
DoS & Zone Protection (including Packet Buffer Protection)
Administrative Access (protect access to firewalls and management devices)
IoT Best Practices
WildFire Deployment Best Practices
Best Practices for Applications and Threats Content Updates

Also ensure that you have the proper subscriptions to support your network security, including Advanced Threat Prevention, DNS Security, Advanced URL Filtering, IoT Security, GlobalProtect, SaaS Security, etc.

Safely Enable Applications Using a Phased Transition