Implement Best Practices and Recommendations

Enhance your organization’s security posture with AIOps by identifying deviations from Cisco Secure Firewall best practices. Run assessments on your devices, generate reports, and receive insights that guide you toward optimal performance.

  • Assessment: Evaluates your firewall configuration across multiple categories. Each check determines alignment with Cisco Secure Firewall best practices. The report summarizes the total number of checks performed. It categorizes the results as Passed or Requires review.

    Checks that require review indicate deviations that could impact firewall efficiency and security. Each failed check presents an opportunity for improvement. Addressing these checks contributes directly to optimizing firewall performance.

  • Recommendation: Provides specific recommendations to address identified issues, ensuring optimal firewall performance. These include detailed information such as the nature of the problem, symptoms, impact, and required actions.

The best practices and recommendations checks are developed with input from Cisco's Technical Assistance Center (TAC) and Customer Experience (CX) teams. This input helps address trending issues, incorporate industry best practices, and enhance the reliability of recommendations. Implement these recommendations to resolve issues, align with best practices, and optimize firewall performance.

Key Features

Feature

Description

Automated Assessments

Runs periodic evaluations of firewall devices against Cisco best practices.

Checks Summary

Displays how many checks passed and highlights those requiring review.

Trend Visualization

Shows the number of checks over time, helping you compare passed and failed checks across assessment cycles.

Device Reports

Provides device-specific results and percentage of improvement potential.

Review Category and Check Control

Enable or disable review categories or individual checks for future assessments.

Before you begin

Ensure that Best Practices is enabled under Settings. For more information, see AIOps Settings.

Procedure

Step 1

In the left pane, click Monitor > Insights & Reports > AIOps Insights > Best Practices and Recommendations.

The Assessment Summary provides a high-level overview of assessment results. It includes two tiles:

  • Checks summary: Displays the total number of checks and highlights those requiring review.

  • Best practices assessment trend: Helps you track assessment outcomes over time. The Y-axis represents the number of checks, and the X-axis shows assessment dates. You can hover over data points to view summary statistics.

  • Feedback: A mechanism for you to provide feedback on the assessments. You can enter optional comments and grant consent for follow-up contact regarding your feedback.

Step 2

In the Device reports section, you can view the list of all available device reports. Filter devices by Device status, Review categories, or Assessment status to narrow down results.

Assessment Statuses: Each device report has an Assessment Status, which indicates the current state of the assessment.

  • In progress: An assessment is actively running. After completion, a report will be generated.

  • In queue: The previous assessment is outdated, and a new one has been scheduled.

  • Updated: The assessment is complete, and the latest report is available for review.

  • Error: The assessment could not be completed due to an error. The report will be automatically generated after 24 hours. If the issue persists, contact Cisco TAC for assistance.

Step 3

From the three-dot menu icon next to each device:

  1. Click Run assessment to initiate a new assessment.

  2. Click Download report to export the Best Practices assessment summary report in PDF format.

Schedule Device Assessment

Periodic assessments run automatically, but you can also run assessments manually at any time. In environments with more than 50 devices, only 50 devices can be analyzed per day. Use the Select devices option on the Best Practices and Recommendations page to choose which devices are included in automated assessments.

  • Select devices for automated assessments:

    1. Click Select devices in the notification banner to open the Schedule devices for assessment dialog. This dialog allows you to choose which devices run automated assessments.

    2. Devices in the Scheduled devices panel are included in automated assessments. Click Save.

  • Mange scheduled devices: You can update the list of scheduled devices at any time. Devices removed from the Scheduled devices panel are no longer included in automated assessments. Devices added to this panel are included in future automated assessments.

  • Device scheduling limits: You can schedule a maximum of 50 devices for automated assessments. The Scheduled devices panel displays the number of currently scheduled devices, for example 48 / 50 devices. When 50 devices are selected, further selection is disabled and a tooltip indicates that the maximum number of scheduled devices has been reached.

Step 4

Click on a Device name to view a detailed report for that specific device.

  • Check the Show passed checks checkbox to view successful checks in the detailed view. This provides full visibility into all checks.

  • In the Best practices assessment section, view the Total checks, how many Passed and Require review.

  • Expand each check to view the remediations and corrective actions.

Step 5

Enable or disable an entire category from future assessments. You can also disable individual checks within a category.

  • Disable the toggle to exclude a review category or check from future assessments.

  • Enable the toggle to include it in future assessments.

Note

Disabling a category or check does not affect the actual feature or its operation. The feature continues to function normally, but it is excluded from Best Practices assessments.