Applying a security profile group

By default, unclassified sessions use the default security profile group, which includes default security profiles for all security engines. You can select a previously created custom profile group for unclassified sessions or create a new custom profile group.

To apply a security profile group to unclassified sessions:

  1. In the main menu of the Open Single Management Platform Console, go to the Application & Services → NGFW section.

    This opens the Policy tab.

  2. In the Firewall section, select Unclassified sessions.
  3. Under Unclassified session settings, in the Security profile group drop-down list, select a profile group that you want to apply to all unclassified sessions.

    If the security profile group contains a security engine profile with the Block action, the session is blocked and does not match any security rule. If you do not want to block such a session, select a different action in the security engine profiles included in the selected security profile group.

The selected security profile group is applied to unclassified sessions.

The action from the profile that matched the session is applied starting with the packet that caused the session to be classified.

Security engines process traffic in the following order:

  1. First packet received (TCP SYN or the first UDP packet).

    Scanning with DNS Security and IDPS begins.

  2. TLS Client Hello message received.

    Scanning with IDPS begins.

  3. First TCP packet with data received (for example, HTTP GET).

    Scanning with IDPS, Web Control, and the Anti-Virus URL scanning module begins if the POST method is used and the file does not exceed the packet size. Scanning with the Stream Anti-Virus and Object Anti-Virus also begins.

    At this step, it is probable that the session is already classified.

  4. Packet received containing the end of the file being transferred.

    Scanning with Stream Anti-Virus and Object Anti-Virus begins.
