By default, the default security profile group is used for unclassified sessions, which includes default security profiles for all security engines. You can select a previously created custom profile group for unclassified sessions or create a new custom profile group.
To apply a security profile group to unclassified sessions:
This opens the Policy tab.
If the security profile group contains a security engine profile with the Block action, the session is blocked and does not match any security rule. If you do not want to block such a session, select a different action in the security engine profiles included in the selected security profile group.
The selected security profile group is applied to unclassified sessions.
The action from the profile that matched the session is applied starting with the package that got the session classified.
Security engines process traffic in the following order:
Scanning with DNS Security and IDPS begins.
Scanning with IDPS begins.
Scanning with IDPS, Web Control, and the Anti-Virus URL scanning module begins if the POST method is used and the file does not exceed the packet size. Scanning with the Stream Anti-Virus and Object Anti-Virus also begins.
At this step, it is probable that the session is already classified.
Scanning with Stream Anti-Virus and Object Anti-Virus begins.