Proxy policy security profiles
Web proxy policies support most security profile types.
Explicit web proxy policy
The security profiles supported by explicit web proxy policies are:
- AntiVirus
- Web Filter
- Application Control
- IPS
- DLP Sensor
- ICAP
- Web Application Firewall
- SSL Inspection
To configure security profiles on an explicit web proxy policy in the GUI:
- Go to Policy & Objects > Proxy Policy.
- Click Create New.
- Set the following:
Proxy Type | Explicit Web |
Outgoing Interface | port1 |
Source | all |
Destination | all |
Schedule | always |
Service | webproxy |
Action | ACCEPT |
- In the Firewall / Network Options section, set Protocol Options to default.
- In the Security Profiles section, make the following selections (for this example, these profiles have all already been created):
AntiVirus | av |
Web Filter | urlfilter |
Application Control | app |
IPS | Sensor-1 |
DLP Sensor | dlp |
ICAP | default |
Web Application Firewall | default |
SSL Inspection | deep-inspection |
- Click OK to create the policy.
To configure security profiles on an explicit web proxy policy in the CLI:
config firewall proxy-policy
    edit 1
        set uuid c8a71a2c-54be-51e9-fa7a-858f83139c70
        set proxy explicit-web
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "web"
        set action accept
        set schedule "always"
        set utm-status enable
        set av-profile "av"
        set webfilter-profile "urlfilter"
        set dlp-sensor "dlp"
        set ips-sensor "sensor-1"
        set application-list "app"
        set icap-profile "default"
        set waf-profile "default"
        set ssl-ssh-profile "deep-inspection"
    next
end
Transparent proxy
The security profiles supported by transparent proxy policies are:
- AntiVirus
- Web Filter
- Application Control
- IPS
- DLP Sensor
- ICAP
- Web Application Firewall
- SSL Inspection
To configure security profiles on a transparent proxy policy in the GUI:
- Go to Policy & Objects > Proxy Policy.
- Click Create New.
- Set the following:
Proxy Type | Transparent Web |
Incoming Interface | port2 |
Outgoing Interface | port1 |
Source | all |
Destination | all |
Schedule | always |
Service | webproxy |
Action | ACCEPT |
- In the Firewall / Network Options section, set Protocol Options to default.
- In the Security Profiles section, make the following selections (for this example, these profiles have all already been created):
AntiVirus | av |
Web Filter | urlfilter |
Application Control | app |
IPS | Sensor-1 |
DLP Sensor | dlp |
ICAP | default |
Web Application Firewall | default |
SSL Inspection | deep-inspection |
- Click OK to create the policy.
To configure security profiles on a transparent proxy policy in the CLI:
config firewall proxy-policy
    edit 2
        set uuid 8fb05036-56fc-51e9-76a1-86f757d3d8dc
        set proxy transparent-web
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "webproxy"
        set action accept
        set schedule "always"
        set utm-status enable
        set av-profile "av"
        set webfilter-profile "urlfilter"
        set dlp-sensor "dlp"
        set ips-sensor "sensor-1"
        set application-list "app"
        set icap-profile "default"
        set waf-profile "default"
        set ssl-ssh-profile "certificate-inspection"
    next
end
FTP proxy
The security profiles supported by FTP proxy policies are:
- AntiVirus
- Application Control
- IPS
- DLP Sensor
To configure security profiles on an FTP proxy policy in the GUI:
- Go to Policy & Objects > Proxy Policy.
- Click Create New.
- Set the following:
Proxy Type | FTP |
Outgoing Interface | port1 |
Source | all |
Destination | all |
Schedule | always |
Action | ACCEPT |
- In the Firewall / Network Options section, set Protocol Options to default.
- In the Security Profiles section, make the following selections (for this example, these profiles have all already been created):
AntiVirus | av |
Application Control | app |
IPS | Sensor-1 |
DLP Sensor | dlp |
- Click OK to create the policy.
To configure security profiles on an FTP proxy policy in the CLI:
config firewall proxy-policy
    edit 3
        set uuid cb89af34-54be-51e9-4496-c69ccfc4d5d4
        set proxy ftp
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set utm-status enable
        set av-profile "av"
        set dlp-sensor "dlp"
        set ips-sensor "sensor-1"
        set application-list "app"
    next
end
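To review an exported proxy-policy block against the supported-profile lists above, the following added example (not Fortinet code) parses the CLI text and reports accept policies that lack utm-status or a supported profile. It also flags the built-in certificate-inspection profile, which inspects only the TLS handshake and leaves HTTPS payloads undecrypted for the other profiles. The function names, finding wording, and sample text are assumptions made for illustration.

```python
import shlex

# Profile keywords each proxy type supports, per the lists on this page.
FTP = {"av-profile", "application-list", "ips-sensor", "dlp-sensor"}
WEB = FTP | {"webfilter-profile", "icap-profile", "waf-profile", "ssl-ssh-profile"}
SUPPORTED = {"explicit-web": WEB, "transparent-web": WEB, "ftp": FTP}
KEYWORDS = {"config", "edit", "set", "next", "end"}

def parse_policies(text):
    """Return {policy_id: {keyword: [values]}}; accepts one-line or multi-line CLI."""
    tokens = shlex.split(text.replace("\u201c", '"').replace("\u201d", '"'))
    policies, current, key = {}, None, None
    for prev, tok in zip([""] + tokens, tokens):
        if prev == "edit":
            current, key = policies.setdefault(int(tok), {}), None
        elif prev == "set" and current is not None:
            key = tok
            current[key] = []
        elif tok in KEYWORDS:
            key = None
            current = None if tok == "next" else current
        elif key is not None:
            current[key].append(tok)
    return policies

def audit(policies):
    """Return sorted (policy_id, finding) tuples for accept policies."""
    findings = []
    for pid, cfg in policies.items():
        proxy = cfg.get("proxy", [""])[0]
        if cfg.get("action") != ["accept"] or proxy not in SUPPORTED:
            continue
        if cfg.get("utm-status") != ["enable"]:
            findings.append((pid, "utm-status not enabled"))
        findings += [(pid, f"no {k} set") for k in SUPPORTED[proxy] - set(cfg)]
        if cfg.get("ssl-ssh-profile") == ["certificate-inspection"]:
            findings.append((pid, "certificate-inspection: HTTPS payload not decrypted"))
    return sorted(findings)

# Constructed sample: policy 2 mirrors the transparent example's profiles;
# policy 3 is a made-up FTP policy with gaps.
SAMPLE = """config firewall proxy-policy
edit 2 set proxy transparent-web set action accept set utm-status enable
  set av-profile "av" set webfilter-profile "urlfilter" set dlp-sensor "dlp"
  set ips-sensor "sensor-1" set application-list "app" set icap-profile "default"
  set waf-profile "default" set ssl-ssh-profile "certificate-inspection" next
edit 3 set proxy ftp set action accept set av-profile "av" next
end"""
```

Calling audit(parse_policies(SAMPLE)) returns one finding for policy 2 and four for policy 3.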