Configuring Designer Default Profiles

Overview

When Designer creates a new rule, its Log Forwarding Profiles and Security Profile Groups are set to None by default. You can change these defaults in the stconf file. Profiles can be set globally or per Device Management ID.

In the example below, you can see a system with values set for both Designer Profiles.

Example

Prerequisites

Any profile that is defined, must be defined on the device.

Configure the Security Profile Group

This procedure is relevant for Palo Alto and Fortinet devices.

  1. Navigate to: https://<SecureTrack_IP>/securetrack/admin/stcgitest.htm

  2. Navigate to Edit StConf > Fetch Current StConf.

  3. In the stconf file, navigate to the Designer_Default_Profiles ;.

  4. Add the Security_Profile_Group

    <Designer_Default_Profiles>
                            <Security_Profile_Group>
                            <Profile>security_group_profile1</Profile>
                            <Profile management="11">security_group_profile2</Profile>
                            </Security_Profile_Group>
                        </Designer_Default_Profiles>

    where

    • <Profile>security_group_profile1</Profile> defines the global default.

    • <Profile management="11">security_group_profile2</Profile> defines default profile for Device Management ID 11 as Security group Profile 2.

    For Palo Alto Panorama devices: When a profile is set per Device Management ID, the configuration will also apply for all Device Groups beneath it in the hierarchy. When the profile provided is not found on the device, the global default is used. If no global default is found, none will be used.

  5. Click Submit New Conf.

Configure the Log Forwarding Profile

This procedure is relevant for Palo Alto devices.

  1. Navigate to: https://<SecureTrack_IP>/securetrack/admin/stcgitest.htm

  2. Navigate to Edit StConf > Fetch Current StConf.

  3. In the stconf file, navigate to the Designer_Default_Profiles ;.

  4. Add the Log_Forwarding_Profile. 
    <Designer_Default_Profiles>
                            <Log_Forwarding_Profile>
                            <Profile>log_forwarding_profile1</Profile>
                            <Profile management="12">log_forwarding_profile2</Profile>
                            </Log_Forwarding_Profile>
                        </Designer_Default_Profiles>

    where

    • <Profile>log_forwarding_profile1</Profile> defines the global default.

    • <Profile management="12">log_forwarding_profile2</Profile> defines default profile for Device Management ID 12 as Log Forwarding Profile 2.

    5. For Palo Alto Panorama devices: When a profile is set per Device Management ID, the configuration will also apply for all Device Groups beneath it in the hierarchy. When the profile provided is not found on the device, the global default is used. If no global default is found, none will be used.

  5. Click Submit New Conf.