BEST PRACTICE INTERNET GATEWAY SECURITY POLICY INSPECT ALL TRAFFIC FOR VISIBILITY www.paloaltonetworks.com/documentaon REDUCE THE ATTACK SURFACE PREVENT KNOWN THREATS DETECT UNKNOWN THREATS Gain full visibility into all traffic across all users and applicaons all the me. Create security policy rules based on applicaon and user. Enable the firewall to scan all all allowed traffic for known threats. 1 DEPLOY GLOBALPROTECT 1 CREATE FILE BLOCKING PROFILE 1 ATTACH PROFILES TO POLICY RULES 2 DETECT AND BLOCK THREATS 1 SEND UNKNOWN FILES 2 IDENTIFY THREATS WITH WILDFIRE 3 DELIVER SIGNATURE 2 ENABLE SSL DECRYPTION NEXT-GEN FIREWALL 01110101011110001010010101 101010001010110111010101110 011101000101011100110100011 APP-ID CONTENT-ID USER-ID 2 CREATE URL FILTERING PROFILE 3 ENABLE USER-ID Forward all unknown files to WildFire for analysis.