Configure Global Options
- Default Security Settings—The security policy takes some time to detect the L7 application in a traffic and act upon it. The default profiles help in providing security during that time. Configure the default security settings.
- Default Security Subscriptions—You can set the default profiles to apply to a firewall rule. You can customize these settings at rule level. The default profiles are applied to a security policy rule, only if the profiles are enabled for that rule.
-
Select SRX > Security Policies >
Security Policies.
The Security Policy page appears.
-
Click Global options.
The Global Options page appears displaying a list of default settings.
-
Complete the configuration according to the guidelines provided in Table 1.
Table 1: Fields on the Global Options Page Field Description Default security settings IPS profile
An IPS profile that will be set as default IPS policy. Content Security profile
A content security profile that will be set as default-configuration for content security. Decrypt profile
A decrypt profile that will be set as a default decrypt profile. Anti-malware profile
An anti-malware profile that will be set as a default anti-malware profile. Secintel Profile Group
A selected secintel profile group that will be set as a default Secintel profile group. Default Security Subscriptions
IPS profile
Select an IPS profile to assign to policy rules. The selected IPS profile is applied as a default IPS profile when you enable the IPS toggle button is at rule level. See Add a Security Policy Rule. Note:You can customize an IPS profile at the rule level. The rule-level IPS profile takes precedence over the default IPS profile that you select using the global option.
Content Security profile
Select a content security profile to assign to policy rules. The selected content security profile is applied as a default content security profile when you enable the Content Security toggle button is at rule level. See Add a Security Policy Rule. Note:You can customize an content security profile at the rule level. The rule-level content security profile takes precedence over the default content security profile that you select using the global option.
Decrypt profile
Select the decrypt profile to assign to policy rules. The selected decrypt profile is applied as a default decrypt profile when you enable the Decrypt profile toggle button at rule level. See Add a Security Policy Rule. Note:You can customize the decrypt profile at the rule level. The rule-level decrypt profile takes precedence over the default decrypt profile that you select using the global option.
Anti-malware profile
Select an anti-malware profile to assign to policy rules. The selected anti-malware profile is applied as a default anti-malware profile when you enable the Anti-malware profile toggle button at rule level. See Add a Security Policy Rule Note:You can customize an anti-malware profile at the rule level. The rule-level anti-malware profile takes precedence over the default anti-malware profile that you select using the global option.
Secintel Profile Group
Select a Secintel profile group to assign to policy rules. The selected Secintel profile group is applied as a default Secintel profile group when you enable the Secintel Profile Group toggle button at rule level. See Add a Security Policy Rule Note:You can customize a Secintel profile group at the rule level. The rule-level Secintel profile group takes precedence over the default Secintel profile group that you select using the global option.
-
Click OK.
A confirmation message is displayed.