Provide a stable platform to build your defense against security threats:

• Content update schedule not following best practices – Antivirus, Wildfire, Content, GlobalProtect data file, GlobalProtect clientless VPN content
• Ensure update schedule set to download and install
• Debug mode enabled
• WildFire cloud registration is failing
• EDL(s) configured – empty or not used in policy
• High neighbor discovery (ND) cache usage

Automate repetitive and manual intensive maintenance tasks such as identifying if:

 

• Panorama certificate about to expire
• License usage limit approaching
• License about to expire
• Contract(s) expiration nearing
• VPN software end of support nearing
• Hardware & software end of support nearing

Proactively automate tasks to ensure seamless failover in the event of firewall failure. Check active and standby devices for mismatches such as:

• Static routing table does not match
• Network interface MTU does no match
• NTP servers used do not match
• Radius servers do not match
• Cluster members’ domain names mismatch
• HA pair member is in suspended state for too long

Continuously evaluate of critical resources to avoid outages:

• SSL decryption – memory usage too high, sessions near capacity  
• VPN – tunnels down, dropping packets due to authentication errors or decryption errors
• System – CPU, log DB usage, critical processes, 
• Network Interfaces – packet drops, errors, link utilization, data plane pool utilization
• Connections – limit nearing, drastic drop, connection to Panorama

Ensure your infrastructure meets internal and external compliance requirements:

• Vulnerability profile not following best practices
• Ensure dangerous URL categories are blocked
• Decryption profile not following best practices
• DNS sinkholing not enabled
• Insecure LDAP communication
• Admin lockout time not within the recommended range  
• Checks for OS software versions, DNS & NTP servers to ensure compliance