Activate a Security Profile
Focus
Focus
Network Security

Activate a Security Profile

Table of Contents

Activate a Security Profile

Create a security profile and add it to a security policy.
Where Can I Use This?
What Do I Need?
  • NGFW (Cloud Managed)
  • NGFW (PAN-OS & Panorama Managed)
  • Prisma Access (Cloud Managed)
  • Prisma Access (Panorama Managed)
Check for any license or role requirements for the products you're using.
While Security policy rules enable you to allow or block traffic on your network, Security profiles help you define an allow but scan rule, which scans allowed applications for threats, such as viruses, malware, spyware, and DDOS attacks. When traffic matches the allow rule defined in the Security policy, the Security profile(s) that are attached to the rule are applied for further content inspection rules such as antivirus checks and data filtering.
Security profiles are the only profiles that attach to security policy rules. Profiles and the policies that they attach to must be of the same type.
  • Security profiles are not used in the match criteria of a traffic flow. The Security profile is applied to scan traffic after the application or category is allowed by the Security policy.
  • You must create a security profile group to add security profiles to policy rule in Cloud Management, but PAN-OS and Panorama do not have this requirement.
You can use out of the box default Security profiles to begin protecting your network from threats. See Set Up a Basic Security Policy for information on using the default profiles in your Security policy.
For recommendations on the best-practice settings for Security profiles, see Create Best Practice Security Profiles for the Internet Gateway.
Use the following steps to create a security profile group and add it to a security policy.

Cloud Managed

Create a security profile group and add it to a security policy.
In Cloud Management, a Security profile is only active when these two things are in place:
  • The Security profile is in a profile group
    A profile group is a set of profiles—it can contain one profile from each profile type.
  • A Security rule is referencing the profile group
    When a Security rule is referencing a profile group, you can make updates to the individual profiles and the group without editing the Security rule. The Security rule automatically enforces your changes, without requiring you to make a policy commit.
    Use the following steps to create a security profile group and add it to a security policy.
Use the following steps to create a security profile group and add it to a security policy.
  1. Add a security profile group to a security policy.
    1. Select
      Manage
      Configuration
      NGFW and
      Prisma Access
      Security Services
      Security Policy
      and
      Add Rule
      or modify a security policy rule.
    2. In the
      Profile Group
      drop-down in the
      Actions
      tab, select the group you created (for example, select the best-practice group):
    3. Select
      Save
      to save the policy rule.
  2. Select
    Push Config
    to push your configuration changes to your network.

PAN-OS & Panorama

Create a security profile group and add it to a security policy.
  1. Add a security profile to a security policy.
    1. Select
      Policies
      Security
      and
      Add
      or modify a security policy rule.
    2. Select the
      Actions
      tab.
    3. In the Profile Setting section, select
      Profiles
      for the
      Profile Type
      .
    4. Select the profiles you want to add to your policy rule.
    5. Click
      OK
      to save the policy rule and
      Commit
      your changes.

Recommended For You