Every Palo Alto Networks next-generation firewall
comes with predefined
Antivirus,
Anti-Spyware, and
Vulnerability Protection profiles that
you can attach to Security policy rules. There is one predefined
Antivirus profile,
default, which uses the
default action for each protocol (block HTTP, FTP, and SMB traffic
and alert on SMTP, IMAP, and POP3 traffic). There are two predefined
Anti-Spyware and Vulnerability Protection profiles:
default—Applies
the default action to all client and server critical, high, and
medium severity spyware/vulnerability protection events. It does
not detect low and informational events.
strict—Applies the block response
to all client and server critical, high and medium severity spyware/vulnerability
protection events and uses the default action for low and informational events.
To
ensure that the traffic entering your network is free from threats,
attach the predefined profiles to your basic web access policies.
As you monitor the traffic on your network and expand your policy
rulebase, you can then design more granular profiles to address
your specific security needs.
Use the following workflow to
set up the default Antivirus, Anti-Spyware, and Vulnerability Protection
Security
Profiles.
Palo Alto Networks defines
a default action for all anti-spyware and vulnerability protection
signatures. To see the default action, select or and
then select a profile. Click the Exceptions tab and then click Show
all signatures to view the list of the signatures and the corresponding
default Action. To change the default action,
create a new profile and specify an Action,
and/or add individual signature exceptions to Exceptions in
the profile.