A security profile group is a set of security profiles that can be treated as a unit and then easily added to security policies. Profiles that are often assigned together can be added to profile groups to simplify the creation of security policies. You can also setup a default security profile group—new security policies will use the settings defined in the default profile group to check and control traffic that matches the security policy. Name a security profile group default to allow the profiles in that group to be added to new security policies by default. This allows you to consistently include your organization’s preferred profile settings in new policies automatically, without having to manually add security profiles each time you create new rules.
For recommendations on the best-practice settings for security profiles, see Create Best Practice Security Profiles.
The following sections show how to create a security profile group and how to enable a profile group to be used by default in new security policies:
Create a Security Profile Group
Use the following steps to create a security profile group and add it to a security policy.
Create a Security Profile Group
Create a security profile group. If you name the group default, the firewall will automatically attach it to any new rules you create. This is a time saver if you have a preferred set of security profiles that you want to make sure get attached to every new rule. Select Objects > Security Profile Groups and Add a new security profile group. Give the profile group a descriptive Name, for example, Threats. If the firewall is in Multiple Virtual System Mode, enable the profile to be Shared by all virtual systems. Add existing profiles to the group.
Click OK to save the profile group.
Add a security profile group to a security policy. Select Policies > Security and Add or modify a security policy rule. Select the Actions tab. In the Profile Setting section, select Group for the Profile Type. In the Group Profile drop-down, select the group you created (for example, select the best-practice group):
Click OK to save the policy and Commit your changes.
Save your changes. Click Commit.
Set Up or Override a Default Security Profile Group
Use the following options to set up a default security profile group to be used in new security policies, or to override an existing default group. When an administrator creates a new security policy, the default profile group will be automatically selected as the policy’s profile settings, and traffic matching the policy will be checked according to the settings defined in the profile group (the administrator can choose to manually select different profile settings if desired). Use the following options to set up a default security profile group or to override your default settings.
If no default security profile exists, the profile settings for a new security policy are set to None by default.
Set Up or Override a Default Security Profile Group
Create a security profile group. Select Objects > Security Profile Groups and Add a new security profile group. Give the profile group a descriptive Name, for example, Threats. If the firewall is in Multiple Virtual System Mode, enable the profile to be Shared by all virtual systems. Add existing profiles to the group. For details on creating profiles, see Security Profiles.
Click OK to save the profile group. Add the security profile group to a security policy. Add or modify a security policy rule and select the Actions tab. Select Group for the Profile Type. In the Group Profile drop-down, select the group you created (for example, select the Threats group):
Click OK to save the policy and Commit your changes.
Set up a default security profile group. Select Objects > Security Profile Groups and add a new security profile group or modify an existing security profile group. Name the security profile group default:
Click OK and Commit. Confirm that the default security profile group is included in new security policies by default: Select Policies > Security and Add a new security policy. Select the Actions tab and view the Profile Setting fields:
By default, the new security policy correctly shows the Profile Type set to Group and the default Group Profile is selected.
Override a default security profile group. If you have an existing default security profile group, and you do not want that set of profiles to be attached to a new security policy, you can continue to modify the Profile Setting fields according to your preference. Begin by selecting a different Profile Type for your policy ( Policies > Security > Security Policy Rule > Actions).

Related Documentation