End-of-Life (EoL)

Set Up Antivirus, Anti-Spyware, and Vulnerability Protection Profiles

Every Palo Alto Networks next-generation firewall comes with predefined Antivirus, Anti-Spyware, and Vulnerability Protection profiles that you can attach to security policies. There is one predefined Antivirus profile, default, which uses the default action for each protocol (block HTTP, FTP, and SMB traffic and alert on SMTP, IMAP, and POP3 traffic). There are two predefined Anti-Spyware and Vulnerability Protection profiles:
  • default—Applies the default action to all client and server critical, high, and medium severity spyware/vulnerability protection events. It does not detect low and informational events.
  • strict—Applies the block response to all client and server critical, high, and medium severity spyware/vulnerability protection events and uses the default action for low and informational events.
To ensure that the traffic entering your network is free from threats, attach the predefined profiles to your basic web access policies. As you monitor the traffic on your network and expand your policy rulebase, you can then design more granular profiles to address your specific security needs.
  1. Verify that you have a Threat Prevention license.
    • The Threat Prevention license bundles the Antivirus, Anti-Spyware, and Vulnerability Protection features in one license.
    • Select Device > Licenses to verify that the Threat Prevention license is installed and valid (check the expiration date).
  2. Download the latest antivirus threat signatures.
    1. Select Device > Dynamic Updates and click Check Now at the bottom of the page to retrieve the latest signatures.
    2. In the Actions column, click Download to install the latest Antivirus, and Applications and Threats signatures.
  3. Schedule signature updates.
    Perform a download-and-install on a daily basis for antivirus updates and weekly for applications and threats updates.
    1. From Device > Dynamic Updates, click the text to the right of Schedule to automatically retrieve signature updates for Antivirus and Applications and Threats.
    2. Specify the frequency and timing for the updates and whether the update will be downloaded and installed or only downloaded. If you select Download Only, you must manually click the Install link in the Action column to install the signature. When you click OK, the update is scheduled. No commit is required.
    3. (Optional) You can also enter the number of hours in the Threshold field to indicate the minimum age of a signature before a download will occur. For example, if you entered 10, the signature must be at least 10 hours old before it will be downloaded, regardless of the schedule.
    4. In an HA configuration, you can also click the Sync To Peer option to synchronize the content update with the HA peer after download/install. This will not push the schedule settings to the peer firewall; you need to configure the schedule on each firewall.
      Recommendations for HA Configurations:
      • Active/Passive HA—If the firewalls use the MGT port for content updates, configure a schedule on each firewall so that each firewall downloads and installs content independently. If the firewalls are using a data port for content updates, the passive firewall will not perform downloads while it is in the passive state. In this case, set a schedule on each peer and enable Sync To Peer to ensure that content updates on the active peer sync to the passive peer.
      • Active/Active HA—If the firewalls use the MGT port for content updates, configure a schedule on each firewall, but do not enable Sync To Peer. If the firewalls are using a data port for content updates, schedule content updates on each firewall and select Sync To Peer to enable the active-primary firewall to download and install the content updates and then push the content update to the active-secondary peer.
  4. Attach the security profiles to a security policy.
    Attach a clone of a predefined security profile to your basic Security policy rules. That way, if you want to customize the profile you can do so without deleting the read-only predefined strict or default profile and attaching a customized profile.
    1. Select Policies > Security, select the desired policy to modify it, and then click the Actions tab.
    2. In Profile Settings, click the drop-down next to each security profile you would like to enable. In this example we choose default for Antivirus and WildFire Analysis, and strict for Vulnerability Protection and Anti-Spyware.
      If you don’t see drop-downs for selecting profiles, select Profiles from the Profile Type drop-down.
  5. Save the configuration.
    Click Commit.
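Scheduling the updates is only half the job; a practitioner also wants to confirm that the daily antivirus and weekly Applications and Threats installs actually happened. The following script is an added example, not Palo Alto Networks code or part of this procedure. It parses a constructed copy of the firewall's `show system info` CLI output (the field names av-version, av-release-date, threat-version and threat-release-date are assumed to match that output; the hostname, versions and dates are invented) and flags any content package whose release date is older than the recommended cadence allows. The 12-hour grace margin is a choice made for this example, not a PAN-OS setting.

```python
"""Freshness check for PAN-OS content packages, run over a constructed sample of
`show system info` output. Flags antivirus content older than a day and
Applications and Threats content older than a week, matching the schedule
recommended in the procedure above."""
from datetime import datetime, timezone

# Constructed sample. The field names (av-version, av-release-date,
# threat-version, threat-release-date) follow the `show system info` CLI
# output; the hostname, versions and dates are invented for this example.
SAMPLE_SYSTEM_INFO = """\
hostname: fw-edge-01
model: PA-440
sw-version: 10.2.4
app-version: 8700-8080
app-release-date: 2023/05/01 12:00:00 UTC
av-version: 4500-5000
av-release-date: 2023/05/03 04:00:00 UTC
threat-version: 8700-8080
threat-release-date: 2023/05/01 12:00:00 UTC
"""

# Maximum acceptable age per package, from the recommended cadence (daily
# antivirus, weekly Applications and Threats) plus a 12-hour grace margin
# that absorbs the Threshold delay and release-time jitter. The margin is
# an assumption made for this example, not a PAN-OS setting.
MAX_AGE_HOURS = {
    "av": 24 + 12,
    "threat": 7 * 24 + 12,
}


def parse_system_info(text):
    """Turn 'key: value' lines into a dict; lines without a colon are skipped."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            info[key.strip()] = value.strip()
    return info


def parse_release_date(value):
    """Parse 'YYYY/MM/DD HH:MM:SS TZ'. The trailing zone abbreviation is
    dropped and the timestamp is treated as UTC (a simplification for this
    example; production code should convert using the firewall's zone)."""
    stamp = value.rsplit(" ", 1)[0]
    return datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)


def check_content_freshness(text, now_str):
    """Return {package: {"version", "age_hours", "stale"}} for the antivirus
    and threats packages. A package whose release date is missing from the
    output is reported as stale, because its age cannot be proven."""
    info = parse_system_info(text)
    now = parse_release_date(now_str)
    results = {}
    for pkg, limit_hours in MAX_AGE_HOURS.items():
        release = info.get(f"{pkg}-release-date")
        if release is None:
            results[pkg] = {"version": info.get(f"{pkg}-version"),
                            "age_hours": None, "stale": True}
            continue
        age_hours = (now - parse_release_date(release)).total_seconds() / 3600
        results[pkg] = {"version": info.get(f"{pkg}-version"),
                        "age_hours": age_hours,
                        "stale": age_hours > limit_hours}
    return results


if __name__ == "__main__":
    # Evaluate the sample as if it were collected on 2023/05/05 00:00 UTC:
    # antivirus content is 44 hours old (stale), threats content 84 hours (ok).
    report = check_content_freshness(SAMPLE_SYSTEM_INFO, "2023/05/05 00:00:00 UTC")
    for pkg, r in report.items():
        state = "STALE" if r["stale"] else "ok"
        print(f"{pkg:7s} {r['version']}  age {r['age_hours']:.1f}h  {state}")
```

In practice you would feed the script the real command output collected from each HA peer separately, since the schedule is per-firewall and a stale passive peer is exactly the failure the Sync To Peer recommendations above are meant to prevent.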
