Did you know? Default is not always bad..

Did you know that you can auto-populate the log-forwarding and security profile by just calling it “default”?

I for sure did not know it, and I am paid to know everything there is about PanOS.. so maybe this is new for some of you as well?

So how does it work?



You add a new security policy, and you have to manually select the log forwarding and security profiles, on every rule.
We are all human, so accidents will happen where we forget one or both on a rule.

But there is a way to solve that!

Step 1:


Rename or create a new log forwarding profile, and call it “default”.

Step 2:


Rename or create a new security profile group, add the profiles into the group and call it “default”.

Step 3:


Voila! Every new security rule will now auto-fill in the “default” groups!
Now you don’t need to remember the log forwarding, or security profiles!

For most readers, I guess the log forwarding profile will be the most usable one. Since I can’t see any real reason why that should not be enabled on every rule.


Palo Alto Networks official documentation: https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/policy/security-profile-group

Leave a Reply

Your email address will not be published. Required fields are marked *