Network Security
Create a Security Profile Group (Strata Cloud Manager)
Table of Contents
Expand All
|
Collapse All
Network Security Docs
Create a Security Profile Group (Strata Cloud Manager)
Create a security profile group and add it to a Security policy.
In Strata Cloud Manager, a Security profile is only active when these two things are
in place:
-
The Security profile is in a profile groupA profile group is a set of profiles—it can contain one profile from each profile type.
-
A Security rule is referencing the profile groupWhen a Security rule is referencing a profile group, you can make updates to the individual profiles and the group without editing the Security rule. The Security rule automatically enforces your changes, without requiring you to make a policy commit.To get started, you’ll need to:
- Add a profile groupWhen adding a Security Profile Group to your configuration, begin by providing a descriptive name and optional description to identify the purpose and functionality of the group.
- Choose your Security Profiles Select the security profiles you wish to include within the group. These profiles can encompass various security aspects such as antivirus, antispyware, vulnerability protection, URL Filtering, and more. Customize each selected profile based on specific security rules and threat prevention needs.After configuring the profiles, associate the profile group with security rules to ensure consistent and comprehensive threat prevention. Implement this association by editing existing security rules or creating new ones, referencing the Security Profile Group accordingly.
- Review your Security Profile GroupRegularly reviewing and updating your Security Profile Groups is crucial to adapt to evolving threats and security requirements. This iterative process involves fine-tuning profile settings and incorporating new threat intelligence to optimize security efficacy. By effectively utilizing security profile groups, you can streamline security policy management, achieve granular threat prevention, and fortify your network against a wide array of cyberthreats.
Use the following steps to create a security profile group and add it to a Security policy. - Add a profile group
- Create a security profile group.If you name the group default, it'll be automatically attached to any new rules you create. This is a time saver if you have a preferred set of security profiles that you want to make sure get attached to every new rule.
- Select ManageConfigurationNGFW and Prisma AccessSecurity ServicesProfile Groups and Add Profile Group.
- Give the profile group a descriptive Name, for example, Threats.
- Add existing profiles to the group.
- Select Save to save the profile group.
- Add your security profile group to a Security policy.
- Select ManageConfigurationNGFW and Prisma AccessSecurity ServicesSecurity Policy and Add Rule or modify a security security rule.
- In the Profile Group drop-down in the
Actions tab, select the group you created
(for example, select the best-practice group):
- Select Save to save the security rule.
- Select Push Config to push your configuration changes to your network.
Set Up or Override a Default Security Profile Group
A Security Profile Group streamlines the
management and application of security settings, allowing you to apply a set of
predefined profiles to traffic based on their security
requirements.
Additionally, you can set up a default Security Profile
Group to be used in new security rules, or to override an existing
default group. When you create a new Security policy, the default profile group
is automatically selected as the policy’s profile settings, and traffic matching
the policy are checked according to the settings defined in the profile group
(you can choose to manually select different profile settings if desired).
If you have an existing default Security Profile Group, and you don't want that
set of profiles to be attached to a new security rule, you can override the
default Security Profile Group and select a different profile group. Use the
following options to set up a default Security Profile Group or to override your
default settings.
- Set up a default security profile group.
- Select ManageConfigurationNGFW and Prisma AccessSecurity ServicesProfile Groups and add a new security profile group or modify an existing security profile group.
- Name the security profile group
default:
- Select Save and Push Config.
- Confirm that the default security profile group is included in new
security rules by default:
-
Select ManageConfigurationNGFW and Prisma AccessSecurity ServicesSecurity Policy and Add Rule.
-
Select the Actions tab and view the Profile Setting fields:The new Security policy has the default Profile Group selected.
-
- Override a default security profile group.If you have an existing default security profile group, and you do not want that set of profiles to be attached to a new security rule, you can select a different Profile Group.