While security policy rules enable you to allow or block traffic on your network, security profiles help you define an
allow but scan
rule, which scans allowed applications for threats, such as viruses, malware, spyware, and DDOS attacks. When traffic matches the allow rule defined in the security policy, the security profile(s) that are attached to the rule are applied for further content inspection rules such as antivirus checks and data filtering.
The firewall provides default security profiles that you can use out of the box to begin protecting your network from threats. See
Set Up a Basic Security Policy
for information on using the default profiles in your security policy. As you get a better understanding about the security needs on your network, you can create custom profiles. See
Scan Traffic for Threats
for more information.
You can add security profiles that are commonly applied together to a
Security Profile Group
; this set of profiles can be treated as a unit and added to security policies in one step (or included in security policies by default, if you choose to set up a default security profile group).