Tuesday, March 10, 2020

Palo Alto Networks Best Practice Assessment (BPA) tool


  • What is the Best Practice Assessment (BPA)?

The BPA compares your policy configurations against Palo Alto Networks (PAN) best practices, producing a curated set of recommendations to improve your next-generation firewall and Panorama. With a BPA, you will be able to:

▶ Get a comprehensive security health check and gauge where you are with existing policy configurations.
▶ Measure your security capabilities with customizable heatmap reports and industry benchmarks.
▶ Create a roadmap of critical policy configurations for increased threat prevention.
▶ Leverage this tool to improve your prevention posture by following PAN recommended best practices.


The Self-Service BPA will allow customers to access the BPA on their own from the Customer Support Portal. While customers will still be able to work through their account team or partner to run a BPA,  they will now have the option to generate their report independently.


※ Check out the Best Practice Assessment (BPA) overview (YouTube, 3:05).

※ Check out the Understanding the BPA demo (3:19).

※ Learn more with Recorded Webinar - Best Practice Assessment for NGFW and Panorama

America - Watch the webinar (55:16)
APAC - Watch the webinar (50:39)

  • How to use the BPA

Step 1. Generate a Tech Support File from your firewalls.

Step 2. Access the BPA tool from the Customer Support Portal.
Tools > Run 'Best Practice Assessment'.


* If you are not a Super User, you need to add 'BPA User' role in the Roles.

Step 3. Generate a BPA Report by uploading a Tech Support File.
3-1) Click '+ Generate New BPA'.

3-2) Upload a Tech Support File.

3-3) Optionally, map each zone to the area of architecture, or click Skip this step to run the BPA without mapping zones.

3-4) Identify the industry mapped to your account. (e.g., High Technology)


Step 4. Generate & Download Report.
The generated BPA displays the Executive Summary and informs you that the detailed HTML report was downloaded to your computer.

  • Process of running a BPA

Once you’re done running your initial BPA, run the BPA again to measure progress and prioritize the next set of security improvements.
Repeat the cycle until you reach your security goals.


  • Useful Resources

✓ Leveraging Prevention Oriented Architecture - https://www.paloaltonetworks.com/customers/prevention-architecture


✓ Feature Requests / Issues running the BPG - bpa@paloaltonetworks.com

✓ Interpreting BPA results - Palo Alto Networks Account Team or Partners


No comments: