How to Create Data Center Best Practice Security Profiles
10.0 (EoL)
Use Security Profiles to protect against vulnerabilities,
spyware, viruses, bad file types, and unknown threats.
Security profiles provide fundamental
protections by scanning traffic that you allow on the network for
threats. Together they form a full suite of coordinated threat
prevention tools that block peer-to-peer command and control (C2)
application traffic, dangerous file types, attempts to exploit vulnerabilities,
and traffic that matches antivirus signatures, and that also identify
new and unknown malware.
It takes relatively little effort to apply security profiles
because Palo Alto Networks provides predefined profiles that you can
simply add to security policy allow rules. Customizing security
profiles is easy because you can clone a predefined profile and
then edit it. Of course, you can also create a security profile
from scratch on the firewall or on Panorama.
To detect known and unknown threats in your network traffic,
attach security profiles to all security policy rules that allow traffic
on the network, so that the firewall inspects all allowed traffic.
The firewall applies security profiles to traffic that matches the
security policy allow rule, scans traffic in accordance with the
security profile settings, and then takes appropriate actions to
protect the network. The recommendations for best practice security
profiles apply to all four of the data center traffic flows except
as noted.
Download content updates automatically
and install them as soon as possible so that you have the latest
threat prevention signatures and content (antivirus, anti-spyware,
vulnerabilities, malware, etc.) on the firewall and block the latest
threats.
- Create the Data Center Best Practice Antivirus Profile
- Create the Data Center Best Practice Anti-Spyware Profile
- Create the Data Center Best Practice Vulnerability Protection Profile
- Create the Data Center Best Practice File Blocking Profile
- Create the Data Center Best Practice WildFire Analysis Profile
Create one or more Security profile groups so
that you can apply all of the profiles to a Security policy rule
at one time instead of specifying them individually.
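
The two recommendations above (attach profiles to every allow rule, and use a profile group to apply them together) can be checked against an exported configuration. The following is an added example, not Palo Alto Networks code: it assumes the rulebase uses the PAN-OS XML element names `profile-setting`, `group`, and `profiles`, and the sample rules and profile names are constructed.

```python
import xml.etree.ElementTree as ET

# The five profile types this page recommends, by their element names in the
# config XML (assumption: PAN-OS exported-configuration naming).
REQUIRED = ("virus", "spyware", "vulnerability", "file-blocking", "wildfire-analysis")

# Constructed sample rulebase, not taken from a real firewall.
SAMPLE = """
<rulebase><security><rules>
  <entry name="web-to-app">
    <action>allow</action>
    <profile-setting><group><member>DC-Best-Practice</member></group></profile-setting>
  </entry>
  <entry name="app-to-db">
    <action>allow</action>
    <profile-setting><profiles>
      <virus><member>DC-AV</member></virus>
      <spyware><member>DC-AS</member></spyware>
    </profiles></profile-setting>
  </entry>
  <entry name="backup"><action>allow</action></entry>
  <entry name="block-quic"><action>deny</action></entry>
</rules></security></rulebase>
"""

def audit_allow_rules(xml_text):
    """Return {rule name: [missing profile types]} for allow rules only."""
    findings = {}
    root = ET.fromstring(xml_text)
    for rule in root.iterfind(".//security/rules/entry"):
        if rule.findtext("action", "").strip() != "allow":
            continue  # profiles only scan traffic that a rule allows
        setting = rule.find("profile-setting")
        if setting is not None and setting.findtext("group/member"):
            continue  # a profile group is attached; its contents are not inspected here
        profiles = setting.find("profiles") if setting is not None else None
        missing = [p for p in REQUIRED
                   if profiles is None or not profiles.findtext(f"{p}/member")]
        if missing:
            findings[rule.attrib["name"]] = missing
    return findings

if __name__ == "__main__":
    for name, missing in audit_allow_rules(SAMPLE).items():
        print(f"{name}: missing {', '.join(missing)}")
```

A rule that references a profile group passes this check without the group itself being opened, so the group's member profiles still need a separate review.
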
You don’t need a URL Filtering subscription for data center
firewalls if there is no direct outbound connection to the internet.
Firewalls that don’t connect directly to the internet don’t need
the PAN-DB URL Filtering solution because it identifies internet
URLs, not private data center URLs, so importing the PAN-DB database
and checking URLs against it doesn’t apply to data center traffic.
If you’re not sure whether a firewall has URL traffic, get a trial
URL Filtering subscription and set the profile to alert on all URL
categories to identify any URL traffic. Otherwise, URL Filtering
should take place on firewalls at the network perimeter where user
traffic enters and exits the network, not at the data center perimeter.
Consider creating custom URL categories (Objects > Custom Objects > URL Category)
to identify and control access to internal data center web services.