>
    Activate a Security Profile
    Focus
    Download PDF
    Focus
    1. Home
    2. Network Security
    3. Security Profiles
    4. Activate a Security Profile
    Download PDF

    Network Security

    Activate a Security Profile

    Table of Contents

    Activate a Security Profile

    Create a security profile group and add it to a security policy.
    Where Can I Use This?
    What Do I Need?
    • NGFW (Cloud Managed)
    • NGFW (PAN-OS & Panorama Managed)
    • Prisma Access (Cloud Managed)
    • Prisma Access (Panorama Managed)
    Check for any license or role requirements for the products you're using:
    • Prisma Access license or AIOps for NGFW license
    While Security policy rules enable you to allow or block traffic on your network, Security profiles help you define an allow but scan rule, which scans allowed applications for threats, such as viruses, malware, spyware, and DDOS attacks. When traffic matches the allow rule defined in the Security policy, the Security profile(s) that are attached to the rule are applied for further content inspection rules such as antivirus checks and data filtering.
    Security profiles are the only profiles that attach to security policy rules. Profiles and the policies that they attach to must be of the same type.
    Security profiles are not used in the match criteria of a traffic flow. The Security profile is applied to scan traffic after the application or category is allowed by the Security policy.
    You can use out of the box default Security profiles to begin protecting your network from threats. See Set Up a Basic Security Policy for information on using the default profiles in your Security policy.
    For recommendations on the best-practice settings for Security profiles, see Create Best Practice Security Profiles for the Internet Gateway.
    Use the following steps to create a security profile group and add it to a security policy.

    Cloud Managed

    Create a security profile group and add it to a security policy.
    In Cloud Management, a Security profile is only active when these two things are in place:
    • The Security profile is in a profile group
      A profile group is a set of profiles—it can contain one profile from each profile type.
    • A Security rule is referencing the profile group
      When a Security rule is referencing a profile group, you can make updates to the individual profiles and the group without editing the Security rule. The Security rule automatically enforces your changes, without requiring you to make a policy commit.
      Use the following steps to create a security profile group and add it to a security policy.
    Use the following steps to create a security profile group and add it to a security policy.
    2. Add a security profile group to a security policy.
      1. Select
        Manage
        Configuration
        NGFW and Prisma Access
        Security Services
        Security Policy
         and
        Add Rule
         or modify a security policy rule.
      2. In the
        Profile Group
         drop-down in the
        Actions
         tab, select the group you created (for example, select the best-practice group):
      3. Select
        Save
         to save the policy rule.
    3. Select
      Push Config
       to push your configuration changes to your network.

    PAN-OS & Panorama

    Create a security profile group and add it to a security policy.
    2. Add a security profile group to a security policy.
      1. Select
        Policies
        Security
         and
        Add
         or modify a security policy rule.
      2. Select the
        Actions
         tab.
      3. In the Profile Setting section, select
        Group
         for the
        Profile Type
        .
      4. In the
        Group Profile
         drop-down, select the group you created (for example, select the best-practice group):
      5. Click
        OK
         to save the policy rule and
        Commit
         your changes.

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.