One thing about configuring security profiles is that when I like to change a security profile, there are so many security rules to update with the correct profile. I know I can change the profile itself and all policies using that profile will be affected but that is not always what I want. In my view it would be much better to place security profiles in their own policies - like decryption, authentication etc. Then we can add the the profile to exactly the type of traffic we want without needing to bother with what security rule that traffic hits. What do you think?
It is easy to do in CLI.
> set cli config-output-format set
# show rulebase security | match "profile-setting group"
Copy output to Notepad.
Find and replace all old security profile names with new one.
And paste those commands back into CLI window.
Ok, thanks for the tip. That does have it´s use cases. My most recent scenario was when I wanted to try out the credential url filtering. With my suggestion all I would have had to do was add a sec. profile policy with the test user as source and apply to traffic from trust to untrust. Instead I had to create a clone of the current url filtering profile, add that to multiple (cloned, and added test user as source) security policies for traffic from trust to untrust.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!