Chapter 10 Install and System Administration for FortiOS 5.0 : Best practices : Firewall
  
Firewall
Avoid using the All selection for the source and destination addresses. Use addresses or address groups.
Avoid using Any for the services.
Use logging on a policy only when necessary, and be aware of the performance impact. For example, you may want to log all dropped connections, but you can do this sparingly by sampling traffic data rather than continually storing log information you may not use.
Use the comment field to input management data, for example: who requested the rule, who authorized it, etc.
Avoid FQDN addresses if possible, unless they are internal. They can have a performance impact because of DNS queries and a security impact because of DNS spoofing.
If possible, avoid port ranges on services for security reasons.
Use groups whenever possible.
To make sure that all AV push updates occur, have an AV profile enabled in a security policy.
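Several of the items above can be checked automatically against a configuration backup. The following Python audit is an added example, not Fortinet code: it flags `all` addresses, catch-all services, empty comments and custom-service port ranges. It assumes the usual `config`/`edit`/`set`/`next`/`end` CLI layout with single-line values and the key names `srcaddr`, `dstaddr`, `service`, `comments`, `tcp-portrange` and `udp-portrange`; the sample configuration and its object names are constructed.

```python
import shlex

# Constructed excerpt in FortiOS CLI backup layout; every object name is made up.
SAMPLE = """
config firewall service custom
    edit "app-range"
        set tcp-portrange 8000-8999
    next
end
config firewall policy
    edit 1
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
    next
    edit 2
        set srcaddr "branch-lans"
        set dstaddr "web-servers"
        set service "HTTPS"
        set comments "Requested by J. Doe, approved by netsec"
    next
end
"""

def parse(text):  # section -> entry -> {key: [values]}; flat blocks only
    cfg, section, entry = {}, None, None
    for tok in map(shlex.split, text.splitlines()):
        if tok[:1] == ["config"]:
            section = cfg.setdefault(" ".join(tok[1:]), {})
        elif tok[:1] == ["edit"]:
            entry = section.setdefault(tok[1], {})
        elif tok[:1] == ["set"]:
            entry[tok[1]] = tok[2:]
    return cfg

def audit(text):  # returns (object, finding) pairs
    cfg, out = parse(text), []
    for pid, p in cfg.get("firewall policy", {}).items():
        out += [(f"policy {pid}", f"{k} uses all")
                for k in ("srcaddr", "dstaddr") if "all" in p.get(k, [])]
        if {"ALL", "ANY"} & set(p.get("service", [])):  # catch-all service
            out.append((f"policy {pid}", "service is catch-all"))
        if not p.get("comments"):  # no requester/approver recorded
            out.append((f"policy {pid}", "comment is empty"))
    for name, s in cfg.get("firewall service custom", {}).items():
        for v in s.get("tcp-portrange", []) + s.get("udp-portrange", []):
            lo, _, hi = v.split(":")[0].partition("-")  # destination ports
            if hi and lo != hi:
                out.append((f"service {name}", f"port range {v}"))
    return out
```

Call `audit()` on the text of a configuration backup; FQDN addresses and per-policy logging are not covered by this example.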