Security Profile Groups
Focus
Focus

Network Security

Security Profile Groups

Table of Contents

Security Profile Groups

Where Can I Use This?
What Do I Need?
  • NGFW (Cloud Managed)
  • NGFW (PAN-OS & Panorama Managed)
  • Prisma Access (Cloud Managed)
  • Prisma Access (Panorama Managed)
Check for any license or role requirements for the products you're using.
A security profile group is a set of security profiles that can be treated as a unit and then easily added to security policies. Profiles that are often assigned together can be added to profile groups to simplify the creation of security policies. For example, you can create a Security Profile group for threats that includes profiles for Antivirus, Anti-Spyware, and Vulnerability Protection and then create a Security policy rule that includes the threats profile. Similarly, Antivirus, Anti-Spyware, Vulnerability Protection, URL filtering, and file blocking profiles that are often assigned together can be combined into profile groups to simplify the creation of security policies. You can also setup a default security profile group—new security policies will use the settings defined in the default profile group to check and control traffic that matches the security policy. Name a security profile group default to allow the profiles in that group to be added to new security policies by default. This allows you to consistently include your organization’s preferred profile settings in new policies automatically, without having to manually add security profiles each time you create new rules.
For recommendations on the best-practice settings for security profiles, see Create Best Practice Security Profiles for the Internet Gateway.
Here are the Security Profile settings:
Security Profile Group Settings
Description
Name
The profile group name (up to 31 characters). This name appears in the profiles list when defining security policies. The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Shared (
Panorama only
)
When a profile group is Shared, the profile group to be available to:
  • Every virtual system (vsys) on a multi-vsys. If you clear this selection, the profile group will be available only to the
    Virtual System
    selected in the
    Objects
    tab.
  • Every device group on Panorama. If you clear this selection, the profile group will be available only to the
    Device Group
    selected in the
    Objects
    tab.
Disable override (
Panorama only
)
Prevents administrators from overriding the settings of this Security Profile group object in device groups that inherit the object. By default, the administrators can override the settings for any device group that inherits the object.
Profiles
Profiles to be included in this group, for example, Antivirus, Anti-Spyware, Vulnerability Protection, URL filtering, and/or file blocking. Data filtering profiles can also be specified in Security Profile groups.

Recommended For You