Proxy policy security profiles
Web proxy policies support most security profile types.
|
Security profiles must be created before they can be used in a policy, see Security Profiles for information. |
Explicit web proxy policy
The security profiles supported by explicit web proxy policies are:
- AntiVirus
- Web Filter
- Application Control
- IPS
- DLP Sensor
- ICAP
- Web Application Firewall
- SSL Inspection
To configure security profiles on an explicit web proxy policy in the GUI:
-
Go to Policy & Objects > Proxy Policy.
-
Click Create New.
-
Set the following:
Proxy Type
Explicit Web
Outgoing Interface
port1
Source
all
Destination
all
Schedule
always
Service
webproxy
Action
ACCEPT
-
In the Firewall / Network Options section, set Protocol Options to default.
-
In the Security Profiles section, make the following selections (for this example, these profiles have all already been created):
AntiVirus
av
Web Filter
urlfiler
Application Control
app
IPS
Sensor-1
DLP Sensor
dlp
ICAP
default
Web Application Firewall
default
SSL Inspection
deep-inspection
-
Click OK to create the policy.
To configure security profiles on an explicit web proxy policy in the CLI:
config firewall proxy-policy
edit 1
set proxy explicit-web
set dstintf "port1"
set srcaddr "all"
set dstaddr "all"
set service "web"
set action accept
set schedule "always"
set utm-status enable
set av-profile "av"
set webfilter-profile "urlfilter"
set dlp-sensor "dlp"
set ips-sensor "sensor-1"
set application-list "app"
set icap-profile "default"
set waf-profile "default"
set ssl-ssh-profile "deep-inspection"
next
end
Transparent proxy
The security profiles supported by transparent proxy policies are:
- AntiVirus
- Web Filter
- Application Control
- IPS
- DLP Sensor
- ICAP
- Web Application Firewall
- SSL Inspection
To configure security profiles on a transparent proxy policy in the GUI:
-
Go to Policy & Objects > Proxy Policy.
-
Click Create New.
-
Set the following:
Proxy Type
Transparent Web
Incoming Interfae
port2
Outgoing Interface
port1
Source
all
Destination
all
Schedule
always
Service
webproxy
Action
ACCEPT
-
In the Firewall / Network Options section, set Protocol Options to default.
-
In the Security Profiles section, make the following selections (for this example, these profiles have all already been created):
AntiVirus
av
Web Filter
urlfiler
Application Control
app
IPS
Sensor-1
DLP Sensor
dlp
ICAP
default
Web Application Firewall
default
SSL Inspection
deep-inspection
-
Click OK to create the policy.
To configure security profiles on a transparent proxy policy in the CLI:
config firewall proxy-policy
edit 2
set proxy transparent-web
set srcintf "port2"
set dstintf "port1"
set srcaddr "all"
set dstaddr "all"
set service "webproxy"
set action accept
set schedule "always"
set utm-status enable
set av-profile "av"
set webfilter-profile "urlfilter"
set dlp-sensor "dlp"
set ips-sensor "sensor-1"
set application-list "app"
set icap-profile "default"
set waf-profile "default"
set ssl-ssh-profile "certificate-inspection"
next
end
FTP proxy
The security profiles supported by FTP proxy policies are:
- AntiVirus
- Application Control
- IPS
- DLP Sensor
To configure security profiles on an FTP proxy policy in the GUI:
-
Go to Policy & Objects > Proxy Policy.
-
Click Create New.
-
Set the following:
Proxy Type
FTP
Outgoing Interface
port1
Source
all
Destination
all
Schedule
always
Action
ACCEPT
-
In the Firewall / Network Options section, set Protocol Options to default.
-
In the Security Profiles section, make the following selections (for this example, these profiles have all already been created):
AntiVirus
av
Application Control
app
IPS
Sensor-1
DLP Sensor
dlp
-
Click OK to create the policy.
To configure security profiles on an FTP proxy policy in the CLI:
config firewall proxy-policy
edit 3
set proxy ftp
set dstintf "port1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set utm-status enable
set av-profile "av"
set dlp-sensor "dlp"
set ips-sensor "sensor-1"
set application-list "app"
next
end