Focus

Set Up or Override a Default Security Profile Group

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

Create a Security Profile Group

Data Filtering

Set Up or Override a Default Security Profile Group

Use the following options to set up a default security profile group to be used in new security policies, or to override an existing default group. When an administrator creates a new security policy, the default profile group will be automatically selected as the policy’s profile settings, and traffic matching the policy will be checked according to the settings defined in the profile group (the administrator can choose to manually select different profile settings if desired). Use the following options to set up a default security profile group or to override your default settings.

If no default security profile exists, the profile settings for a new security policy are set to None by default.

Create a security profile group.
1. Select ObjectsSecurity Profile Groups and Add a new security profile group.
2. Give the profile group a descriptive Name, for example, Threats.
3. If the firewall is in Multiple Virtual System Mode, enable the profile to be Shared by all virtual systems.
4. Add existing profiles to the group. For details on creating profiles, see Security Profiles.
5. Click OK to save the profile group.
6. Add the security profile group to a security policy.
7. Add or modify a security policy rule and select the Actions tab.
8. Select Group for the Profile Type.
9. In the Group Profile drop-down, select the group you created (for example, select the Threats group):
10. Click OK to save the policy and Commit your changes.
Set up a default security profile group.
1. Select ObjectsSecurity Profile Groups and add a new security profile group or modify an existing security profile group.
2. Name the security profile group default:
3. Click OK and Commit.
4. Confirm that the default security profile group is included in new security policies by default:
  Select PoliciesSecurity and Add a new security policy.
  Select the Actions tab and view the Profile Setting fields:
  
  By default, the new security policy correctly shows the Profile Type set to Group and the default Group Profile is selected.
Override a default security profile group.
If you have an existing default security profile group, and you do not want that set of profiles to be attached to a new security policy, you can continue to modify the Profile Setting fields according to your preference. Begin by selecting a different Profile Type for your policy (PoliciesSecuritySecurity Policy RuleActions).