While security policy rules enable you to allow or block
traffic on your network, security profiles help you define an
rule, which scans allowed applications for threats,
such as viruses, malware, spyware, and DDOS attacks. When traffic
matches the allow rule defined in the security policy, the security
profile(s) that are attached to the rule are applied for further content
inspection rules such as antivirus checks and data filtering.
Security profiles are not used in the match criteria of
a traffic flow. The security profile is applied to scan traffic
after the application or category is allowed by the security policy.
The firewall provides default security profiles that you can
use out of the box to begin protecting your network from threats.
See Set Up a Basic Security Policy for
information on using the default profiles in your security policy.
As you get a better understanding about the security needs on your
network, you can create custom profiles. See Scan Traffic for Threats for
You can add security profiles that are commonly applied together
to a Security Profile Group;
this set of profiles can be treated as a unit and added to security
policies in one step (or included in security policies by default,
if you choose to set up a default security profile group).
The following topics provide more detailed information about
each type of security profile and how to set up a security profile