Network Security
Web Security: Security Settings
Table of Contents
Expand All
|
Collapse All
Network Security Docs
-
- Security Policy
-
- Security Profile Groups
- Security Profile: AI Security
- Security Profile: WildFire® Analysis
- Security Profile: Antivirus
- Security Profile: Vulnerability Protection
- Security Profile: Anti-Spyware
- Security Profile: DNS Security
- Security Profile: DoS Protection Profile
- Security Profile: File Blocking
- Security Profile: URL Filtering
- Security Profile: Data Filtering
- Security Profile: Zone Protection
-
- Policy Object: Address Groups
- Policy Object: Regions
- Policy Object: Traffic Objects
- Policy Object: Applications
- Policy Object: Application Groups
- Policy Object: Application Filter
- Policy Object: Services
- Policy Object: Auto-Tag Actions
- Policy Object: Devices
-
- Uses for External Dynamic Lists in Policy
- Formatting Guidelines for an External Dynamic List
- Built-in External Dynamic Lists
- Configure Your Environment to Access an External Dynamic List
- Configure your Environment to Access an External Dynamic List from the EDL Hosting Service
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Policy Object: HIP Objects
- Policy Object: Schedules
- Policy Object: Quarantine Device Lists
- Policy Object: Dynamic User Groups
- Policy Object: Custom Objects
- Policy Object: Log Forwarding
- Policy Object: Authentication
- Policy Object: Decryption Profile
- Policy Object: Packet Broker Profile
-
-
-
- The Quantum Computing Threat
- How RFC 8784 Resists Quantum Computing Threats
- How RFC 9242 and RFC 9370 Resist Quantum Computing Threats
- Support for Post-Quantum Features
- Post-Quantum Migration Planning and Preparation
- Best Practices for Resisting Post-Quantum Attacks
- Learn More About Post-Quantum Security
-
-
-
- Investigate Reasons for Decryption Failure
- Identify Weak Protocols and Cipher Suites
- Troubleshoot Version Errors
- Troubleshoot Unsupported Cipher Suites
- Identify Untrusted CA Certificates
- Repair Incomplete Certificate Chains
- Troubleshoot Pinned Certificates
- Troubleshoot Expired Certificates
- Troubleshoot Revoked Certificates
Web Security: Security Settings
Learn how Security Settings work.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
You may customize your own security settings for protection from specific threats and
vulnerabilities. Unless explicitly disabled, security settings apply globally to all
allowed web traffic. This means there’s no need to apply security settings to individual
policies.
To go to the Web Security Security Settings screen, select ManageConfigurationNGFW and Prisma AccessSecurity ServicesWeb Security, and the select Security Settings tab.
Threat Management
Automatically inspect
and prevent threats at multiple attack vectors.
Vulnerability Protection | Detect system flaws that attackers can exploit. |
WildFire & Malware Protection | Protect against never-before-seen, file-based threats. Prevent viruses from entering your network. |
Country Block Setting | Add regions you want to block for each Source and Destination. You can editing predefined external dynamic lists, for example, to allow specific domains or URLs within a blocked region when necessary. To do this, go to ManageConfigurationNGFW and Prisma AccessObjectsExternal Dynamic Lists and make the appropriate changes. |
Detect Command and Control | Detect command-and-control (C2) activity. |
Application Exceptions | Exclude these applications from threat inspection. |
Advanced URL inline Categorization | Enable inline machine learning to analyze and manage URL exceptions in real-time: |
DNS Security
Analyze DNS requests in real-time,
to protect against malware using DNS for C2 and data theft.
DNS Categories | Specify the DNS action for each threat category. |
DNS Sinkhole Settings | Specify IPv4 and IPv6 sinkhole addresses for endpoints. |
Domain Exceptions | Exclude specific domains analysis. |
Decryption
Stop hidden threats by getting
visibility into encrypted traffic.
Global Decryption Exclusions | Bypass certain URL categories and add custom exclusions from SSL decryption. |
Handshake Settings | Specify the lowest and highest supported versions of SSL and TLS to be used for SSL connections. Also, specify algorithms to be used for key exchange, encryption, and authentication. |
Bypass & Logging Settings | Choose whether to log successful and unsuccessful TLS Handshakes. |
Actions Options |
Choose to allow or block the sessions when decryption fails or
other conditions are met.
|
File Control
Take action when certain
types of files enter your network.
File Types | Block or allow uploads or downloads of certain
file types, or choose to be alerted when certain file types are
uploaded or downloaded. Actions available uploads and downloads
are:
|