Set Up or Override a Default Security Profile Group
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
Set Up or Override a Default Security Profile Group
Use the following options to set up a default
security profile group to be used in new security policies, or to
override an existing default group. When an administrator creates
a new security policy, the default profile group will be automatically
selected as the policy’s profile settings, and traffic matching
the policy will be checked according to the settings defined in
the profile group (the administrator can choose to manually select
different profile settings if desired). Use the following options
to set up a default security profile group or to override your default
settings.
If no default security profile exists, the
profile settings for a new security policy are set to None by default.
- Create a security profile group.
- Select ObjectsSecurity Profile Groups and Add a new security profile group.Give the profile group a descriptive Name, for example, Threats.If the firewall is in Multiple Virtual System Mode, enable the profile to be Shared by all virtual systems.Add existing profiles to the group. For details on creating profiles, see Security Profiles.Click OK to save the profile group.Add the security profile group to a security policy.Add or modify a security policy rule and select the Actions tab.Select Group for the Profile Type.In the Group Profile drop-down, select the group you created (for example, select the Threats group):Click OK to save the policy and Commit your changes.Set up a default security profile group.
- Select ObjectsSecurity Profile Groups and add a new security profile group or modify an existing security profile group.Name the security profile group default:Click OK and Commit.Confirm that the default security profile group is included in new security policies by default:
- Select PoliciesSecurity and Add a new security policy.
- Select the Actions tab and view the Profile Setting fields:By default, the new security policy correctly shows the Profile Type set to Group and the default Group Profile is selected.
Override a default security profile group.If you have an existing default security profile group, and you do not want that set of profiles to be attached to a new security policy, you can continue to modify the Profile Setting fields according to your preference. Begin by selecting a different Profile Type for your policy (PoliciesSecuritySecurity Policy RuleActions).