When you create a new profile, you can use the Default deployment mode or choose from a list of available deployment modes, and the device will use the recommended filter configuration for that deployment.
Depending on your network, it might be necessary to tune the selected deployment mode by overriding specific filters or categories. Digital Vaccines contain deployment settings for filters that address specific types of deployments.
Deployment mode Description
Default Provides a balance between high quality security and appliance performance and is suitable for most deployments.
Security-optimized Favors additional security over network performance or application adherence to protocol standards. Enables more Zero Day Initiative (ZDI) protection than other deployment modes.
Performance-optimized Emphasizes network performance over security and is not recommended for use in a production environment. This deployment mode is intended for testing purposes only.
Evaluation Enables the same filters that are also enabled in the Default deployment mode, but with a nonblocking Permit+Notify posture instead of Block. Specific filters in the Traffic Normalization category that detect malformed IP packets maintain a Block posture.
Note
Note
For any filters that have a recommended configuration of Block, you must manually override the default setting and set them to Block yourself prior to distribution of the new Digital Vaccine (DV) that contains the Evaluation deployment mode. If the DV with the Evaluation mode is deployed without this manual override, any profile that uses the Evaluation deployment mode will have its existing default Block filters modified to Permit+Notify after the profile is distributed to the device.
Core [Deprecated] (1) Offers improved performance for devices that are deployed on the interior of a network, with the expectation that perimeter-facing devices block most malicious Internet traffic.
Edge [Deprecated] (1) Ideal for Web farms and DMZs that typically expose services to the Internet.
Perimeter [Deprecated] (1) Offers optimal security for devices deployed on the perimeter of a network and protects the network from Internet traffic.
 (1) Deprecated deployment modes include new filters added to the Digital Vaccine, but the new filters in the deprecated deployment modes have the same characteristics as the Default deployment mode.