Follow Post-Deployment Data Center Best Practices
This checklist shows you how to monitor and maintain your best practice data center deployment to keep your network safe as applications and circumstances evolve.
After you begin deploying data center best practices, monitor the network to ensure that security and access are working as expected, and then maintain the rulebase as circumstances change.
- Check the predefined Applications report (Monitor > Reports > Application Reports > Applications) to verify that only applications you allowed in Security policy rules are running. If you find unexpected applications, review the Security policy rules and refine them to eliminate unexpected applications or to accommodate legitimate applications.
- Log all data center traffic. Use Palo Alto Networks’ extensive monitoring tools, logging tools, predefined reports, and custom reports to capture and monitor activity for unexpected applications, users, traffic, and behaviors.
- Create custom reports to monitor the block rules, which protect against potential attacks and also identify policy gaps and unexpected behaviors so you can tune the rulebase.
- Create a custom report to log intra-data-center traffic that matches the predefined intrazone-default allow rule at the bottom of the rulebase, which allows all traffic within the same zone by default.
- Enable logging on and create a custom report for data center traffic that matches the predefined interzone-default rule at the bottom of the rulebase, which denies all traffic between zones by default.
- Listen and respond to user feedback. User complaints about losing access to applications identify gaps in the rulebase or risky applications that were in use on your network before application allow listing prevented their use.
- Periodically compare the baseline measurements you took during the planning stage to the current measurements to evaluate progress, identify changes, and find areas of improvement. At the same time, revisit your goal for the ideal future state of the network to assess progress. If you manage firewalls with Panorama, monitor firewall health to compare devices to their baseline performance and to each other to identify deviations from normal behavior.
- Evolve application allow rules over time because applications evolve, user requirements change, and content updates modify existing App-IDs and introduce new App-IDs. Maintain the data center best practice rulebase and review new and modified App-IDs before you install a new content release so you can modify the rulebase if the changes impact policy.
- Use Palo Alto Networks assessment and review tools to assess your current prevention posture and your adoption of best practices.
- Refer to the full Data Center Best Practice Security Policy for details about each planning, deployment, and post-deployment step and how they benefit you.
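
The checklist items on verifying allowed applications and on reporting traffic that matches the intrazone-default and interzone-default rules can also be reviewed offline against an exported traffic log. The following is an added example, not part of the original page or any Palo Alto Networks tooling; the CSV column names, zone names, rule names other than the two predefined defaults, and the allow list are assumptions and constructed sample data.

```python
import csv
import io
from collections import Counter

# Constructed sample of a traffic-log export. The column names are assumptions;
# adjust them to match the headers of the file you actually export.
SAMPLE_CSV = """\
Rule,Application,Source Zone,Destination Zone,Action
dc-web-to-app,web-browsing,dc-web,dc-app,allow
dc-app-to-db,mssql-db,dc-app,dc-db,allow
intrazone-default,ssh,dc-app,dc-app,allow
intrazone-default,ssh,dc-app,dc-app,allow
intrazone-default,ms-rdp,dc-db,dc-db,allow
interzone-default,ftp,dc-web,dc-db,deny
dc-web-to-app,ssl,dc-web,dc-app,allow
"""

ALLOWED_APPS = {"web-browsing", "ssl", "mssql-db"}  # hypothetical allow list
DEFAULT_RULES = {"intrazone-default", "interzone-default"}  # predefined rules named on the page


def review_traffic(csv_text, allowed_apps=ALLOWED_APPS):
    """Summarize an exported traffic log for rulebase tuning.

    Returns two Counters:
      unexpected   - allowed sessions per application not on the allow list
      default_hits - sessions per (rule, src zone, dst zone, app) that fell
                     through to a predefined default rule
    """
    unexpected = Counter()
    default_hits = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        rule = row["Rule"].strip()
        app = row["Application"].strip()
        action = row["Action"].strip().lower()
        # Traffic that was allowed but is not on the allow list is "running"
        # unexpectedly and points to a rule that is too broad.
        if action == "allow" and app not in allowed_apps:
            unexpected[app] += 1
        # Anything reaching a default rule was not matched by an explicit rule.
        if rule in DEFAULT_RULES:
            zones = (row["Source Zone"].strip(), row["Destination Zone"].strip())
            default_hits[(rule, *zones, app)] += 1
    return unexpected, default_hits


if __name__ == "__main__":
    unexpected, default_hits = review_traffic(SAMPLE_CSV)
    print("Unexpected allowed applications:", dict(unexpected))
    for key, count in default_hits.most_common():
        print(count, *key)
```

Each entry in the second summary is a candidate for either an explicit allow rule (legitimate traffic) or an explicit block rule (unwanted traffic), so that less traffic depends on the default rules.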