* [Blog](https://www.paloaltonetworks.com.au/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com.au/blog/corporate/)
* [Technical Documentation](https://www.paloaltonetworks.com.au/blog/category/technical-documentation/)
* Tech Docs: How Secure is ...

# Tech Docs: How Secure is Your Internet Gateway?

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2016%2F05%2Ftech-docs-how-secure-is-your-internet-gateway%2F)  
[](https://twitter.com/share?text=Tech+Docs%3A+How+Secure+is+Your+Internet+Gateway%3F&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2016%2F05%2Ftech-docs-how-secure-is-your-internet-gateway%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2016%2F05%2Ftech-docs-how-secure-is-your-internet-gateway%2F&title=Tech+Docs%3A+How+Secure+is+Your+Internet+Gateway%3F&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/2016/05/tech-docs-how-secure-is-your-internet-gateway/&ts=markdown)  
\[\](mailto:?subject=Tech Docs: How Secure is Your Internet Gateway?)  
Link copied  
By [Charissa Fleischer](https://www.paloaltonetworks.com/blog/author/charissa-fleischer/?ts=markdown "Posts by Charissa Fleischer")  
May 25, 2016  
2 minutes  
[Technical Documentation](https://www.paloaltonetworks.com/blog/category/technical-documentation/?ts=markdown)  
[App-ID](https://www.paloaltonetworks.com/blog/tag/app-id/?ts=markdown)  
[Content ID](https://www.paloaltonetworks.com/blog/tag/content-id/?ts=markdown)  
[User-ID](https://www.paloaltonetworks.com/blog/tag/user-id/?ts=markdown)

[](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/05/TechDocs_logo_lrg_final1.jpg)  
[![TechDocs\_logo\_lrg\_final\[1\]](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/05/TechDocs_logo_lrg_final1-500x153.jpg)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/05/TechDocs_logo_lrg_final1.jpg)

One of the cheapest and easiest ways for an attacker to get into to your network is through users accessing the Internet. By successfully exploiting an endpoint, an attacker can take hold in your network and begin to move laterally toward an end goal, whether that is to steal your source code, exfiltrate your customer data, or take down your infrastructure. To protect your network from cyberattacks and improve your overall security posture, implement a [Best Practice Internet Gateway Security Policy](https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/policy/best-practice-internet-gateway-security-policy).

A best practice Internet gateway security policy has two main security goals:

* Minimize the chance of a successful intrusion---Unlike legacy port-based security policies that either block everything in the interest of network security, or enable everything in the interest of your business, a best practice security policy leverages App-ID™, User-ID™, and Content-ID™ to ensure safe enablement of applications across all ports, for all users, all the time, while simultaneously scanning all traffic for both known and unknown threats.
* Identify the presence of an attacker---A best practice Internet gateway security policy provides built-in mechanisms to help you identify gaps in the rulebase and detect alarming activity and potential threats on your network.

These best practices work because they employ methodologies (shown in the infographic below) that help you reduce your attack surface and enable detection and prevention of both known and unknown threats at all stages of the attack lifecycle.

Remember, security doesn't come in a box. When deciding whether to implement a best practice Internet gateway security policy, answer the following questions: Are you using an application-based security policy? Blocking dangerous URLs and file types? Scanning for known and unknown threats? Decrypting traffic? If you answered no to any of these questions, you have room to improve your security posture. [Get started now](https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/policy/best-practice-internet-gateway-security-policy).

*** ** * ** ***

## Related Blogs

### [カテゴリーなし](https://www.paloaltonetworks.com/blog/category/%e3%82%ab%e3%83%86%e3%82%b4%e3%83%aa%e3%83%bc%e3%81%aa%e3%81%97/?lang=ko&ts=markdown)

[#### 「レイヤーは皆平等」ではない](https://www.paloaltonetworks.com.au/blog/2019/07/network-layers-not-created-equal/?lang=ja)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### All Layers Are Not Created Equal](https://www.paloaltonetworks.com.au/blog/2019/05/network-layers-not-created-equal/)

### [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Securing and Managing ChatGPT Traffic with Palo Alto Networks App-ID](https://www.paloaltonetworks.com.au/blog/2023/05/securing-and-managing-chatgpt-traffic/)

### [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)

[#### New: More Cloud NGFW Scalability Across Multiple AWS VPCs](https://www.paloaltonetworks.com.au/blog/network-security/cloud-ngfw-across-multiple-aws-vpcs/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)

[#### See The Latest Software Firewall Developments at AWS re:Invent 2022](https://www.paloaltonetworks.com.au/blog/network-security/software-firewalls-at-aws-reinvent/)

### [Cloud Workload Protection](https://www.paloaltonetworks.com/blog/category/cloud-workload-protection/?ts=markdown), [Technical Documentation](https://www.paloaltonetworks.com/blog/category/technical-documentation/?ts=markdown), [Web Application \& API Security](https://www.paloaltonetworks.com/blog/cloud-security/category/web-application-api-security/?ts=markdown)

[#### Understanding Template Injection Vulnerabilities](https://www.paloaltonetworks.com.au/blog/cloud-security/template-injection-vulnerabilities/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language