CIS Palo Alto Firewall 9 Benchmark L2 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Palo Alto Firewall 9 Benchmark L2 v1.0.0

Updated: 5/27/2022

Authority: Network Devices

Plugin: Palo_Alto

Revision: 1.5

Estimated Item Count: 19

Audit Items

Description    Categories
1.1.1.2 SNMPv3 traps should be configured - configuration
1.1.1.2 SNMPv3 traps should be configured - hip match
1.1.1.2 SNMPv3 traps should be configured - host
1.1.1.2 SNMPv3 traps should be configured - ip-tag
1.1.1.2 SNMPv3 traps should be configured - user-id
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificates
1.6.3 Ensure that the Certificate Securing Remote Access VPNs is Valid - Certificates
1.6.3 Ensure that the Certificate Securing Remote Access VPNs is Valid - GlobalProtect Gateways
1.6.3 Ensure that the Certificate Securing Remote Access VPNs is Valid - GlobalProtect Portals
2.1 Ensure that IP addresses are mapped to usernames - User ID Agents
2.1 Ensure that IP addresses are mapped to usernames - Zones
2.2 Ensure that WMI probing is disabled
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals
6.17 Ensure that a Zone Protection Profile with tuned Flood Protection settings enabled for all flood types is attached to all untrusted zones
7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone
8.3 Ensure that the Certificate used for Decryption is Trusted
Palo Alto software version 9 not found.