>
    Web Security: Security Settings
    Focus
    Download PDF
    Focus
    1. Home
    2. Network Security
    3. Network Security: Security Policy
    4. Web Security Management
    5. Web Security: Security Settings
    Download PDF
    Network Security

    Web Security: Security Settings

    Table of Contents

    Web Security: Security Settings

    Learn how Security Settings work.
    Where Can I Use This?
    What Do I Need?
    • Prisma Access (Cloud Management)
    • NGFW (Cloud Managed)
    Check for any license or role requirements for the products you're using.
    • Prisma Access
       license or
      AIOps for NGFW
       license
    You may customize your own security settings for protection from specific threats and vulnerabilities. Unless explicitly disabled, security settings apply globally to all allowed web traffic. This means there’s no need to apply security settings to individual policies.
    To go to the Web Security
    Security Settings
     screen, select
    Manage
    Configuration
    NGFW and Prisma Access
    Security Services
    Web Security
    , and the select
    Security Settings
     tab.

    Threat Management

    Automatically inspect and prevent threats at multiple attack vectors.
    Vulnerability Protection
    Detect system flaws that attackers can exploit.
    WildFire & Malware Protection
    Protect against never-before-seen, file-based threats. Prevent viruses from entering your network.
    Country Block Setting
    Add regions you want to block for each Source and Destination. You can editing predefined external dynamic lists, for example, to allow specific domains or URLs within a blocked region when necessary. To do this, go to
    Manage
    Configuration
    NGFW and Prisma Access
    Objects
    External Dynamic Lists
     and make the appropriate changes.
    Detect Command and Control
    Detect command-and-control (C2) activity.
    Application Exceptions
    Exclude these applications from threat inspection.
    Advanced URL inline Categorization
    Enable inline machine learning to analyze and manage URL exceptions in real-time:

    DNS Security

    Analyze DNS requests in real-time, to protect against malware using DNS for C2 and data theft.
    DNS Categories
    Specify the DNS action for each threat category.
    DNS Sinkhole Settings
    Specify IPv4 and IPv6 sinkhole addresses for endpoints.
    Domain Exceptions
    Exclude specific domains analysis.

    Decryption

    Stop hidden threats by getting visibility into encrypted traffic.
    Global Decryption Exclusions
    Bypass certain URL categories and add custom exclusions from SSL decryption.
    Handshake Settings
    Specify the lowest and highest supported versions of SSL and TLS to be used for SSL connections. Also, specify algorithms to be used for key exchange, encryption, and authentication.
    Bypass & Logging Settings
    Choose whether to log successful and unsuccessful TLS Handshakes.
    Actions Options
    Choose to allow or block the sessions when decryption fails or other conditions are met.

    File Control

    Take action when certain types of files enter your network.
    File Types
    Block or allow uploads or downloads of certain file types, or choose to be alerted when certain file types are uploaded or downloaded. Actions available uploads and downloads are:
    • Block
    • Allow
    • Alert

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.