https://live.paloaltonetworks.com/t5/general-topics/intrazone-default-what-gets-inspected/m-p/202037#M59647 <P>Hello,</P><P>What we did is add a deny all policy right befor the default policies. That way we had to create policies that had profiles to enable the scanning. While this does take a bit of overhead. It wasnt really that bad.&nbsp;</P><P>&nbsp;</P><P>I know its a bit off topic.</P><P>&nbsp;</P><P>Cheers!</P> Fri, 23 Feb 2018 17:34:39 GMT OtakarKlier 2018-02-23T17:34:39Z https://live.paloaltonetworks.com/t5/general-topics/intrazone-default-what-gets-inspected/m-p/201868#M59615 <P>Hi</P><P>&nbsp;</P><P>For traffic that matches the intrazone default policy,&nbsp; and assuming there are no security profiles for anti-virus, anti-malware, threat protection. etc,&nbsp; Is there any inspection performed?&nbsp;</P><P>&nbsp;</P><P>Reason I ask- I found an article on the Knowledge base about increasing performance for SMB traffic by enabling an application override for the traffic.&nbsp; Would application override have any effect on this traffic?</P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 23 Feb 2018 01:28:55 GMT https://live.paloaltonetworks.com/t5/general-topics/intrazone-default-what-gets-inspected/m-p/201868#M59615 fmurray 2018-02-23T01:28:55Z https://live.paloaltonetworks.com/t5/general-topics/intrazone-default-what-gets-inspected/m-p/201970#M59626 <P>hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/17058">@fmurray</a></P> <P>&nbsp;</P> <P>No threat scanning is performed as the default policy does not have security profiles, but app-id is performed.</P> <P>If you're seing performance issues with SMB and suspect app-id, you could try to create a security policy where you enable 'Disable Server Response Inspection', which will allow you to still apply some security checks on smb (as this is a popular protocol to spread infections) but only for packets originating from the client</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Disable Server Response Inspection.png" style="width: 700px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/13951i9C94EC1AD4146EF9/image-size/large?v=v2&amp;px=999" role="button" title="Disable Server Response Inspection.png" alt="Disable Server Response Inspection.png" /></span></P> <P>&nbsp;</P> <P>Or if you need to turn off app-id altogether, create an app override policy which will turn off everything for the new custom app replacing smb (app override works independently of the session hitting a custom security policy or a default one)</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 23 Feb 2018 11:00:41 GMT https://live.paloaltonetworks.com/t5/general-topics/intrazone-default-what-gets-inspected/m-p/201970#M59626 reaper 2018-02-23T11:00:41Z https://live.paloaltonetworks.com/t5/general-topics/intrazone-default-what-gets-inspected/m-p/202037#M59647 <P>Hello,</P><P>What we did is add a deny all policy right befor the default policies. That way we had to create policies that had profiles to enable the scanning. While this does take a bit of overhead. It wasnt really that bad.&nbsp;</P><P>&nbsp;</P><P>I know its a bit off topic.</P><P>&nbsp;</P><P>Cheers!</P> Fri, 23 Feb 2018 17:34:39 GMT https://live.paloaltonetworks.com/t5/general-topics/intrazone-default-what-gets-inspected/m-p/202037#M59647 OtakarKlier 2018-02-23T17:34:39Z