Did you know? Default is not always bad.

Did you know that you can auto-populate the log-forwarding and security profile by just calling it “default”?

I for sure did not know it, and I am paid to know everything there is about PAN-OS, so maybe this is new for some of you as well?

So how does it work?

Problem/Issue:

When you add a new security policy rule, you have to manually select the log forwarding profile and the security profiles on every rule.
We are all human, so accidents will happen where we forget one or both on a rule.

But there is a way to solve that!

Step 1:

Rename or create a new log forwarding profile, and call it “default”.

Step 2:

Rename or create a new security profile group, add the profiles into the group and call it “default”.

Step 3:

Voila! Every new security rule will now auto-fill in the “default” groups!
Now you don’t need to remember the log forwarding, or security profiles!
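
The auto-fill described above applies to new rules, so rules that already exist can still be missing one or both settings. The following is an added example (not from the original post or from Palo Alto Networks) that audits an exported configuration for such rules. The XML fragment is constructed, and the element paths (`log-setting`, `profile-setting/group`, `profile-setting/profiles`) are assumed to match the layout of your exported config.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed fragment shaped like an exported PAN-OS config.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<rulebase><security><rules>
  <entry name="allow-web">
    <action>allow</action>
    <log-setting>default</log-setting>
    <profile-setting><group><member>default</member></group></profile-setting>
  </entry>
  <entry name="allow-dns">
    <action>allow</action>
    <log-setting>default</log-setting>
  </entry>
  <entry name="legacy-any">
    <action>allow</action>
    <profile-setting><profiles><virus><member>av-strict</member></virus></profiles></profile-setting>
  </entry>
  <entry name="block-telnet">
    <action>deny</action>
  </entry>
</rules></security></rulebase>
</entry></vsys></entry></devices></config>
"""

def audit_rules(config_xml):
    """Return {rule name: [missing settings]} for security rules with gaps."""
    root = ET.fromstring(config_xml.strip())
    findings = {}
    for rule in root.iterfind(".//rulebase/security/rules/entry"):
        missing = []
        # No log forwarding profile means the rule's logs stay on the firewall.
        if not (rule.findtext("log-setting") or "").strip():
            missing.append("log-forwarding")
        # Security profiles inspect allowed traffic, so only allow rules need them.
        allowed = (rule.findtext("action") or "").strip() == "allow"
        has_group = rule.find("profile-setting/group/member") is not None
        has_profiles = rule.find("profile-setting/profiles/*") is not None
        if allowed and not (has_group or has_profiles):
            missing.append("security-profiles")
        if missing:
            findings[rule.get("name")] = missing
    return findings

if __name__ == "__main__":
    for name, missing in audit_rules(SAMPLE_CONFIG).items():
        print(f"{name}: missing {', '.join(missing)}")
```
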

For most readers, I guess the log forwarding profile will be the most usable one, since I can’t see any real reason why that should not be enabled on every rule.

Palo Alto Networks official documentation: https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/policy/security-profile-group