Strat Cloud Manager ( => move away from Panorama
Prisma Access (Global Protect)
Commits
General Protection
- Zone Protection profiles on all interfaces
- Migrate to Application-based rules
- Shared rules .. eg. geoblocks, bad apps, cleanup
- Criticality threshold, medium severity is common
- Zero trust
- External Dynamic List
Remote User /On-Prem Protection
- Threat Protection
- URL Filtering
- SSL Forward Proxy (SSLD)
- Global Protect VPN W/Full Tunnel & HIPs
- User-ID
- Data Redistribution
Responsiveness
- Directional Clean up rulesHA configured locally, not in panorama
- Link and path monitoring for hardare
- Baseline or referenece device group
- use tags
- Self-documentation configuration
- Security profile group for different use case
- Device group tiers and shared templates
Resilience
- Automate update installation, config backups
- Separate virtual router for secondary ISP
- Use path monitoring (not PBF) for route failover
- HA configured locally, not in Panorama
- Link and path monitoring for Hardware failover
- Use monitor profiles for all IPSec tunnels
Palo Alto
Prisma Access - Associate Tenant
Prisma Access - Mobile Developer Tenant
Panorama Gateways
