Ensure that the certificate securing Remote Access VPNs is valid – Certificates
Details: The Certificate used to secure Remote Access VPNs should satisfy the following criteria: It should be a valid certificate...

Ensure that the certificate securing Remote Access VPNs is valid – GlobalProtect Gateways
Details: The Certificate used to secure Remote Access VPNs should satisfy the following criteria: It should be a valid certificate...

Ensure that the certificate securing Remote Access VPNs is valid – GlobalProtect Portals
Details: The Certificate used to secure Remote Access VPNs should satisfy the following criteria: It should be a valid certificate...

Ensure that the User-ID Agent has minimal permissions if User-ID is enabled
Details: If the integrated (on-device) User-ID Agent is utilized, the Active Directory account for the agent should only be a...

Ensure that the User-ID service account does not have interactive logon rights
Details: Restrict the User-ID service account from interactively logging on to systems in the Active Directory domain. Rationale: In the...

Ensure that User-ID is only enabled for internal trusted interfaces
Details: Only enable the User-ID option for interfaces that are both internal and trusted. There is rarely a legitimate need...

Ensure that WildFire file size upload limits are maximized
Details: Increase WildFire file size limits to the maximum file size supported by the environment. An organization with bandwidth constraints...

Ensure ‘V3’ is selected for SNMP polling
Details: For SNMP polling, only SNMPv3 should be used. Rationale: SNMPv3 utilizes AES-128 encryption, message integrity, user authorization, and device...

Ensure ‘Verify Update Server Identity’ is enabled
Details: This setting determines whether or not the identity of the update server must be verified before performing an update...

Ensure ‘WildFire Update Schedule’ is set to download and install updates every minute
Details: Set the WildFire update schedule to download and install updates every minute. Rationale: WildFire definitions may contain signatures to...