Check for any license or role requirements for the
products you're using.
Prisma Access license or AIOps for NGFW
license
Web Security policies apply to outbound traffic and web applications. When you enable Web
Security, the following are enabled by default, but you can adjust these settings
later:
Best Practice Decryption
Best practice settings for decryption are enabled.
Global Web Access
Blocks certain URL categories and allows all others with default
Threat Management and DNS
Security settings enabled.
Blocks high-risk web applications and allows all others with default
Threat Management and DNS
Security settings enabled.
You can adjust these settings later.
Global Catch All
Allows web traffic with default Threat Management and
DNS Security settings enabled.
Threat Management and DNS Security settings are based on the following global
defaults, but can be adjusted as needed:
Vulnerability Protection
Blocks medium and above criticality threats. Advanced settings let you
configure these settings for individual threat categories.
Wildfire
Enabled for upload and download of all file types.
Detect Command-And-Control (C2) Activity
Blocks medium and above criticality threats. Advanced settings let you
configure these settings for individual threat categories
Malware Protection
Enabled with default actions for http and http2 decoders.
DNS Security
Enabled with default (best-practices) actions for supported threat
categories. This is only for outbound DNS traffic.
Override Default Web Security Rules
Security Settings for Web Security come from the WebSecurity Snippet by default, but you can override
those settings with your own custom settings or by using a standard profile. Default
Web Access policies come from the Web Security Snippet and can be overridden at any
scope.