Detections
Analytics

CIS Palo Alto Firewall 11 v1.1.0 L2

Audit Details

Name: CIS Palo Alto Firewall 11 v1.1.0 L2

Updated: 11/8/2024

Authority: CIS

Plugin: Palo_Alto

Revision: 1.1

Estimated Item Count: 11

File Details

Filename: CIS_Palo_Alto_Firewall_11_Benchmark_v1.1.0_L2.audit

Size: 119 kB

MD5: 289976cb3f0a8d0c60ff7211d68a78ae
SHA256: c5a95051c4b2e1fd838e3b5ea1664b80a654fa2b20915d4e6e7fb21d6c89d254

Audit Changelog

 
Revision 1.1

Nov 8, 2024

Functional Update
  • 1.1.1.2 SNMPv3 traps should be configured
  • 1.2.5 Ensure valid certificate is set for browser-based administrator interface
  • 1.6.3 Ensure that the Certificate Securing Remote Access VPNs is Valid
  • 1.7.1 Enabling Post-Quantum (PQ) on IKEv2 VPNs
  • 2.1 Ensure that IP addresses are mapped to usernames
  • 2.2 Ensure that WMI probing is disabled
  • 5.7 Choosing Wildfire public cloud region
  • 6.16 Ensure that a Zone Protection Profile with tuned Flood Protection settings enabled for all flood types is attached to all untrusted zones
  • 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone
  • 8.3 Ensure that the Certificate used for Decryption is Trusted
Miscellaneous
  • References updated.
  • Variables updated.