https://live.paloaltonetworks.com/t5/advanced-threat-prevention/security-profiles-best-practise/m-p/538095#M1903 <P>Palo Alto have the following Security profiles by default (pre-defined)</P> <P>&nbsp;</P> <P>Antivirus - default&nbsp;</P> <P>Antivirus - default &amp; strict</P> <P>Vulnerability protection- default &amp; strict</P> <P>&nbsp;</P> <P>Would like to Palo alto recommendation on applying the different security profiles</P> <P>If we are deploying a new Palo Alto firewalls in a new environment , would like to know if we can apply the default security profiles on all security policies belongs to Inbound and outbound firewalls without causing any business disruption.</P> <P>&nbsp;</P> Wed, 12 Apr 2023 06:47:47 GMT GKumar10 2023-04-12T06:47:47Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/security-profiles-best-practise/m-p/538095#M1903 <P>Palo Alto have the following Security profiles by default (pre-defined)</P> <P>&nbsp;</P> <P>Antivirus - default&nbsp;</P> <P>Antivirus - default &amp; strict</P> <P>Vulnerability protection- default &amp; strict</P> <P>&nbsp;</P> <P>Would like to Palo alto recommendation on applying the different security profiles</P> <P>If we are deploying a new Palo Alto firewalls in a new environment , would like to know if we can apply the default security profiles on all security policies belongs to Inbound and outbound firewalls without causing any business disruption.</P> <P>&nbsp;</P> Wed, 12 Apr 2023 06:47:47 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/security-profiles-best-practise/m-p/538095#M1903 GKumar10 2023-04-12T06:47:47Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/security-profiles-best-practise/m-p/538117#M1907 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/203119">@GKumar10</a> ,</P> <P>&nbsp;</P> <P>You have asked 2 questions:</P> <P>&nbsp;</P> <OL> <LI>Can you apply the security profiles to traffic without any business disruption?&nbsp; In most cases, yes.&nbsp; However, to verify no disruption you can apply the security profiles in alert mode and review the Threat/URL Filtering/Data Filtering logs for legitimate traffic that would be blocked.&nbsp; You can then tune the profiles before changing the action to block.</LI> <LI>What is the PANW best practice recommendation for applying security profiles for a new NGFW? <OL> <LI>Run the Day 1 Configuration from the Customer Support Portal (CSP) and load it on your new NGFW.</LI> <LI>Run a Best Practice Assessment (BPA) on your NGFW from the CSP and apply those changes to the configuration.</LI> <LI>Here is a good doc for best practice security profiles -&gt; <A href="https://docs.paloaltonetworks.com/best-practices/10-1/internet-gateway-best-practices/best-practice-internet-gateway-security-policy/create-best-practice-security-profiles" target="_blank">https://docs.paloaltonetworks.com/best-practices/10-1/internet-gateway-best-practices/best-practice-internet-gateway-security-policy/create-best-practice-security-profiles</A>.&nbsp; These recommendations should be consistent with the BPA.</LI> </OL> </LI> </OL> <P>Thanks,</P> <P>&nbsp;</P> <P>Tom</P> Mon, 10 Apr 2023 12:17:29 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/security-profiles-best-practise/m-p/538117#M1907 TomYoung 2023-04-10T12:17:29Z