The Palo Alto Networks Best Practices Booklet: Making it Manageable

Posted by Fuel HQ on Aug 28, 2017 11:10:58 AM

By Jason Rakers, Lead Network Engineer, Dick's Sporting Goods 

In June, we released the Palo Alto Networks Best Practices Booklet, an online resource with more than 300 pages containing roughly 200 user recommendations, covering everything from initial configuration to securing your public cloud footprint. With so much content available, it can be hard to pick a place to get started, so Fuel’s volunteer Education Committee has broken this resource down into four main areas of focus: Manageability, Security, Performance and High Availability. Throughout the coming months, we’ll be featuring a different quarterly topic, and providing webinars, open member dialogues, weekly tips and more to members, courtesy of Fuel volunteers—users like you. This month, we’ll start with Manageability.

Sure, securing your environment with advanced security protections is exciting! But there’s no better place to start improving your organization’s cybersecurity plan than figuring out how you are going to manage the environment you are creating. Hear me out: even though the areas of Security, Performance, and even High Availability are all the rage on social media, in the long term, getting your arms around your ability to manage the environment will matter more.

Over the next two months, the Fuel User Group will be sharing a lot of tips and information around Manageability. Here are some of the big themes you’ll see:

  • Getting the lay of the land – Documenting your configuration and building a topology map
  • Do it right the first time – Why configuration matters, and how to set yourself up for success
  • Measure twice, cut once – How to measure the impact of your changes, as well as how to make sure your changes don’t have any unintended consequences
  • Keep it simple – We’ll also look at how a thoughtful approach to planning (such as your naming conventions) can simplify your work down the long road to come

To get started, here are some of my favorite topics from the Fuel Best Practices Booklet:

  • Document your configuration (page 35) – I know, I know, you want to do something cool and not documentation, but this is a long-term investment. It doesn’t have to be fancy, but it needs to be detailed. Imagine a diagram showing your firewall interface names, IP addresses, and which security zone is assigned to which interfaces. The key here is keeping your information up to date, so pick a format you can update easily. Sometimes a lot of fancy formatting looks pretty, but then you don’t remember how to do it again, or you don’t want to ruin your masterpiece with a new addition.
  • While you’re at it, document “normal” traffic (page 36) – This benchmark will serve you well at a later point when something is not working. If you don’t know what “normal” is, how do you recognize what’s not? For instance, UDP traffic in the Monitor tab will show “aged-out” as the Session End Reason. Don’t freak out, that is normal; but if you see this for TCP traffic, perhaps you have a routing issue.
  • Use Rule Tags to Organize Rules into Groups (pages 126-127) – Here you go…something cool! Want to find rules related to your Database Engineering or Human Resources teams? Tag their specific rules as “database” or “HR”, and now you can use the policy search bar to quickly find those or any other tagged rules.
  • Evaluate what you log, and how (pages 276-283) – You could log everything, start to finish, front to back. That will generate tons of meaningful records, but it will also make it harder to figure out what’s happening. Sometimes being overly thorough can backfire. Instead, use these recommendations to make sure you’re capturing the most important pieces of information the right way.
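
As an added example for the “document normal traffic” tip (not code from the booklet or from Palo Alto Networks): the Python script below builds a per-protocol baseline of Session End Reasons from exported traffic log rows and lists TCP flows that mostly end as “aged-out”. The CSV column names, the sample rows and the thresholds are assumptions constructed for illustration; adjust them to match your own export.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample rows. Column names are assumed to match a traffic log
# CSV export; rename them here if your export uses different headers.
SAMPLE_CSV = """\
Source address,Destination address,Destination Port,IP Protocol,Session End Reason
10.1.1.10,10.2.2.53,53,udp,aged-out
10.1.1.11,10.2.2.53,53,udp,aged-out
10.1.1.12,10.2.2.53,53,udp,aged-out
10.1.1.10,10.2.2.80,443,tcp,tcp-fin
10.1.1.10,10.2.2.80,443,tcp,tcp-fin
10.1.1.10,10.2.2.80,443,tcp,tcp-fin
10.1.1.10,10.2.2.80,443,tcp,tcp-rst-from-client
10.1.1.20,10.3.3.5,1433,tcp,aged-out
10.1.1.20,10.3.3.5,1433,tcp,aged-out
10.1.1.20,10.3.3.5,1433,tcp,aged-out
10.1.1.20,10.3.3.5,1433,tcp,tcp-fin
"""

def load(text):
    """Parse CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def end_reason_baseline(rows):
    """Count session end reasons per protocol: the 'normal' worth writing down."""
    baseline = defaultdict(Counter)
    for r in rows:
        baseline[r["IP Protocol"].lower()][r["Session End Reason"].lower()] += 1
    return baseline

def suspicious_tcp_flows(rows, min_sessions=3, threshold=0.5):
    """Return (src, dst, port) flows whose TCP sessions mostly end as aged-out."""
    totals, aged = Counter(), Counter()
    for r in rows:
        if r["IP Protocol"].lower() != "tcp":
            continue  # aged-out is the expected end reason for UDP
        key = (r["Source address"], r["Destination address"], r["Destination Port"])
        totals[key] += 1
        if r["Session End Reason"].lower() == "aged-out":
            aged[key] += 1
    return sorted(k for k, n in totals.items()
                  if n >= min_sessions and aged[k] / n >= threshold)

if __name__ == "__main__":
    rows = load(SAMPLE_CSV)
    for proto, reasons in end_reason_baseline(rows).items():
        print(proto, dict(reasons))
    for flow in suspicious_tcp_flows(rows):
        print("check routing for", flow)
```
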

If you like these tips, make sure you subscribe to Fuel’s “Tip of the Week” to have more recommendations delivered directly to you, plus information on upcoming Fuel Best Practices education opportunities. Or just go rogue, and download the full book and review at your own pace!


Topics: Cybersecurity, Fuel Education, Palo Alto Networks, best practices