Security Profiles
While security policy rules enable you to allow or block traffic on your network, security profiles help you define an allow but scan rule, which scans allowed applications for threats, such as viruses, malware, spyware, and DDOS attacks. When traffic matches the allow rule defined in the security policy, the security profile(s) that are attached to the rule are applied for further content inspection rules such as antivirus checks and data filtering.
Security profiles are not used in the match criteria of a traffic flow. The security profile is applied to scan traffic after the application or category is allowed by the security policy.
The firewall provides default security profiles that you can use out of the box to begin protecting your network from threats. See Set Up a Basic Security Policy for information on using the default profiles in your security policy. As you get a better understanding about the security needs on your network, you can create custom profiles. See Scan Traffic for Threats for more information.
For recommendations on the best-practice settings for security profiles, see Create Best Practice Security Profiles.
You can add security profiles that are commonly applied together to a Security Profile Group ; this set of profiles can be treated as a unit and added to security policies in one step (or included in security policies by default, if you choose to set up a default security profile group).
The following topics provide more detailed information about each type of security profile and how to set up a security profile group:

Related Documentation