Ok - understood. But just to make sure: This is only for the Core Activations specified in the profile. The other profile settings (marked pink) have no impact on the autonomous threat profil?



So it would be possible to create a profile under custom profiles with everything deactivated and only specify the needed settings for the Core Activations?

Bump 🙂

It should not be necessary to define a Threat Prevention profile to manage the settings for the Core Protections as their settings are managed directly.
That's suggested by the tooltip in the screenshot @Tal_Paz-Fridman provided.

OK - Got that! I filtered according to the tool tip and was able to see the Core Protections. But still one question remains:

When I view the core protections from one of the old profiles I can see actions according to the profile settings like shown here:

Also when I select the Gateways section I can see a profile attached to my fw-cluster:



So if there is no need to create a profile for the Core Protections -> Can I just delete my custom made profiles and than do what? Will than the "default action" of the Core Protection kick in? This is kind of confusing me 😞

I will try to get a definitive answer to this question about what happens with Core Protections with ATP.

Thank you in advance. Looking forward to the final wisdom 🙂

My guess that since Core Protections/Activations and Inspection Settings changes are made effective by installing the Access Control policy (not the Threat Prevention policy which is fully controlled by Autonomous mode), these still operate independently even though Autonomous Threat Prevention (ATP) is enabled.  This is further bolstered by the fact the Core Protections/Activations and Inspection Settings have their own completely independent profile settings, completely separate from the IPS ThreatCloud protections which are controlled by profiles specified in the Threat Prevention policy itself (which ATP takes over).