BEST PRACTICEINTERNET GATEWAY SECURITY POLICY
INSPECT ALL TRAFFIC FOR VISIBILITY
www.paloaltonetworks.com/documentation
REDUCE THE ATTACK SURFACE
PREVENT KNOWN THREATS
DETECT UNKNOWN THREATS
Gain full visibility into all traffic across all users and applications all the time.
Create security policy rules based on application and user.
Enable the firewall to scan all all allowed traffic for known threats.
1 DEPLOY GLOBALPROTECT
1 CREATE FILEBLOCKING PROFILE
1 ATTACH PROFILESTO POLICY RULES 2 DETECT AND
BLOCK THREATS
1 SENDUNKNOWN FILES 2 IDENTIFY THREATS
WITH WILDFIRE 3 DELIVERSIGNATURE
2 ENABLE SSL DECRYPTION
NEXT-GENFIREWALL
01110101011110001010010101101010001010110111010101110
011101000101011100110100011APP-ID
CONTENT-ID
USER-ID
2 CREATE URLFILTERING PROFILE 3 ENABLE USER-ID
Forward all unknown files to WildFire for analysis.