I am planning to make a group profile of security profiles, which includes Vulnerability Protection, Antivirus, Anti-Spyware and WildFire Analysis profiles. I am planning to provide the same group for every policy in the firewall. I have a few questions on this approach.
1. Is this a good practice? Will calling this group for every policy increase firewall processing time, as the group contains a lot of security profiles?
2. Suppose the vulnerability protection profile has a wide variety of security scanning in it. Some are for web traffic, some are for DB traffic. The security group I provided for every rule is the same. Hence, will the firewall scan web vulnerabilities for DB traffic as well? Or does the firewall have the intelligence to scan only what is in scope, or simply ignore unnecessary checks even though they are included in the rule profile?