Ensuring Security on Device

Once a new firewall has been deployed and services/access is all working what are some tips or tricks to either enforce or enhance that the configurations are secure? I noticed on the online Demo of the XG product, there is a final entry on the Firewall rules called "Cleanup" and I am wondering if these are the types of things that one can add to ensure security.

I'm not quite at that stage but I want to keep these ideas in my head as I'm creating rules. How do you expert administrators breath a sigh of relief in knowing you have done everything possible to make the firewall as secure as possible.

Thank you.