Proxy policy security profiles
Web proxy policies support most security profile types.
Security profiles must be created before they can be used in a policy, see Security Profiles for information. |
Explicit web proxy policy
The security profiles supported by explicit web proxy policies are:
- AntiVirus
- Web Filter
- Application Control
- IPS
- DLP Sensor
- ICAP
- Web Application Firewall
- SSL Inspection
To configure security profiles on an explicit web proxy policy in the GUI:
- Go to Policy & Objects > Proxy Policy.
- Click Create New.
- Set the following:
Proxy Type
Explicit Web
Outgoing Interface
port1
Source
all
Destination
all
Schedule
always
Service
webproxy
Action
ACCEPT
- In the Firewall / Network Options section, set Protocol Options to default.
- In the Security Profiles section, make the following selections (for this example, these profiles have all already been created):
AntiVirus
av
Web Filter
urlfiler
Application Control
app
IPS
Sensor-1
DLP Sensor
dlp
ICAP
default
Web Application Firewall
default
SSL Inspection
deep-inspection
- Click OK to create the policy.
To configure security profiles on an explicit web proxy policy in the CLI:
config firewall proxy-policy edit 1 set proxy explicit-web set dstintf "port1" set srcaddr "all" set dstaddr "all" set service "web" set action accept set schedule "always" set utm-status enable set av-profile "av" set webfilter-profile "urlfilter" set dlp-sensor "dlp" set ips-sensor "sensor-1" set application-list "app" set icap-profile "default" set waf-profile "default" set ssl-ssh-profile "deep-inspection" next end
Transparent proxy
The security profiles supported by transparent proxy policies are:
- AntiVirus
- Web Filter
- Application Control
- IPS
- DLP Sensor
- ICAP
- Web Application Firewall
- SSL Inspection
To configure security profiles on a transparent proxy policy in the GUI:
- Go to Policy & Objects > Proxy Policy.
- Click Create New.
- Set the following:
Proxy Type
Transparent Web
Incoming Interfae
port2
Outgoing Interface
port1
Source
all
Destination
all
Schedule
always
Service
webproxy
Action
ACCEPT
- In the Firewall / Network Options section, set Protocol Options to default.
- In the Security Profiles section, make the following selections (for this example, these profiles have all already been created):
AntiVirus
av
Web Filter
urlfiler
Application Control
app
IPS
Sensor-1
DLP Sensor
dlp
ICAP
default
Web Application Firewall
default
SSL Inspection
deep-inspection
- Click OK to create the policy.
To configure security profiles on a transparent proxy policy in the CLI:
config firewall proxy-policy edit 2 set proxy transparent-web set srcintf "port2" set dstintf "port1" set srcaddr "all" set dstaddr "all" set service "webproxy" set action accept set schedule "always" set utm-status enable set av-profile "av" set webfilter-profile "urlfilter" set dlp-sensor "dlp" set ips-sensor "sensor-1" set application-list "app" set icap-profile "default" set waf-profile "default" set ssl-ssh-profile "certificate-inspection" next end
FTP proxy
The security profiles supported by FTP proxy policies are:
- AntiVirus
- Application Control
- IPS
- DLP Sensor
To configure security profiles on an FTP proxy policy in the GUI:
- Go to Policy & Objects > Proxy Policy.
- Click Create New.
- Set the following:
Proxy Type
FTP
Outgoing Interface
port1
Source
all
Destination
all
Schedule
always
Action
ACCEPT
- In the Firewall / Network Options section, set Protocol Options to default.
- In the Security Profiles section, make the following selections (for this example, these profiles have all already been created):
AntiVirus
av
Application Control
app
IPS
Sensor-1
DLP Sensor
dlp
- Click OK to create the policy.
To configure security profiles on an FTP proxy policy in the CLI:
config firewall proxy-policy edit 3 set proxy ftp set dstintf "port1" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set utm-status enable set av-profile "av" set dlp-sensor "dlp" set ips-sensor "sensor-1" set application-list "app" next end