Ensure ‘Applications and Threats Update Schedule’ is set to download and install updates at daily or shorter intervals
Details The CA Certificate used for in-line HTTP Man in the Middle should be trusted by target users. For SSL...
- Home
- Security Hardening
- CIS Palo Alto Firewall 9 Benchmark L2 V1.0.0
CIS Palo Alto Firewall 9 Benchmark L2 V1.0.0
Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone
Details When permitting traffic from an untrusted zone, such as the Internet or guest network, to a more trusted zone,...Ensure that a Zone Protection Profile with tuned Flood Protection settings enabled for all flood types is attached to all untrusted zones
Details Enable all Flood Protection options in the Zone Protection Profile attached to all untrusted zones. The Alert, Activate, and...Ensure that IP addresses are mapped to usernames – User ID Agents
Details Configure appropriate settings to map IP addresses to usernames. Mapping userids to IP addresses is what permits the firewall...Ensure that IP addresses are mapped to usernames – Zones
Details Configure appropriate settings to map IP addresses to usernames. Mapping userids to IP addresses is what permits the firewall...Ensure that the Certificate Securing Remote Access VPNs is Valid – Certificates
Details The Certificate used to secure Remote Access VPNs should satisfy the following criteria: It should be a valid certificate...Ensure that the Certificate Securing Remote Access VPNs is Valid – GlobalProtect Gateways
Details The Certificate used to secure Remote Access VPNs should satisfy the following criteria: It should be a valid certificate...Ensure that the Certificate Securing Remote Access VPNs is Valid – GlobalProtect Portals
Details The Certificate used to secure Remote Access VPNs should satisfy the following criteria: It should be a valid certificate...Ensure that the Certificate used for Decryption is Trusted
Details The CA Certificate used for in-line HTTP Man in the Middle should be trusted by target users. For SSL...Ensure that WMI probing is disabled
Details Disable WMI probing if it is not required for User-ID functionality in the environment. Rationale: WMI probing normally requires...