1 | Confidential. Heartland Business Systems, LLC. All Rights Reserved.

Health Check Assessment and Recommendations

1. General Device Configuration

1.1 Best-Practice System Configuration Item Comments 1.1.3

Observation Certificate expiration check not enabled.

Security Priority N/A

Remediation Service Impact Risk

None.

Recommendation Enable option for “certificate expiration check”.

Justification Certificates loaded on the Palo Alto firewall are commonly used for purposes such as SSL decryption, device administration, user identification, VPN, etc. HBS recommends enabling the certificate expiration check so certificates nearing expiration warn the administrator. Take appropriate action to renew the certificate before a service impact occurs. A valid e-mail profile that generates a notification for critical severity events is required.

References:

Palo Alto Device Help Pages

Device à Setup à Management

Remediation Impact Notes

None.

Item Comments 1.1.4

Observation Log storage quota not optimized.

Security Priority N/A

Remediation Service Impact Risk

None.

Recommendation Customize the default storage quotas to better utilize available log space for desired firewall logs.

Justification All log storage categories come with a predetermined amount of capacity reserved. Customize the default settings to maximize the storage space for