Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configure Global Options for Security Policies

Global options are tenant-level settings that apply to all devices within a tenant. You can set up these global options for security policies by configuring default security settings and default security subscriptions.

  • Default Security Settings—Security policies require time to identify the L7 application in traffic and act accordingly. Default profiles are instrumental in providing protection during this period.

  • Default Security Subscriptions—Default subscription profiles are assigned to firewall security policy rules. While you can customize these settings at the individual security policy rule level, the default profiles are applied to a security policy rule only if they are enabled for that rule.

To configure global options for security policies:

  1. Select SRX > Security Policy > SRX Policy.

    The Security Policies page is displayed.

  2. Click Global options.

    The Global Options page is displayed.

  3. Complete the configuration according to the guidelines provided in Table 1.
    Table 1: Fields on the Global Options Page
    Field Description
    Default security settings

    IPS profile

    Select an IPS profile to serve as the default IPS policy.

    Content Security profile

    Select a Content Security profile to establish as the default setting for Content Security.

    Decrypt profile

    Select a decrypt profile that will serve as the default profile.

    Anti-malware profile

    Select an anti-malware profile that will serve as the default profile.

    SecIntel Profile Group

    Select a SecIntel profile group that will serve as the default group.

    Default Security Subscriptions

    You can customize the security subscription profiles at the security policy rule level, which will override the default profiles set by the global option.

    IPS profile

    Select an IPS profile to apply to policy rules.

    The selected IPS profile will be used as the default profile when you enable IPS at the rule level.

    Content Security profile

    Select a Content Security profile to apply to policy rules.

    The selected Content Security profile will be used as the default profile when you enable Content Security at the rule level.

    Decrypt profile

    Select the decrypt profile to apply to policy rules.

    The selected decrypt profile will be used as the default profile when you enable Decrypt profile at the rule level.

    Flow-based antivirus profile

    Select a flow-based antivirus profile to apply to policy rules.

    The selected flow-based antivirus profile will be used as the default profile when you enable Flow-based AV at the rule level.

    Anti-malware profile

    Select an anti-malware profile to apply to policy rules.

    The selected anti-malware profile will be used as the default profile when you enable Anti-malware profile at the rule level.

    Secintel Profile Group

    Select a Secintel profile group to apply to policy rules.

    The selected Secintel profile group is applied as the default group when you enable Secintel Profile Group at the rule level.
  4. Click OK.

A confirmation message is displayed.

Related Documentation