Rulestacks defines access control (App-ID, URL Filtering) and threat prevention behavior of Cloud
NGFW resources. A Cloud NGFW resource uses your rulestack definitions to protect the
traffic by a two-step process. First, it enforces your rules to allow or deny your
traffic. Second, it performs content inspection on the allowed traffic based on what you
specify on the Security Profiles. A rulestack includes a set of security rules,
associated objects, and profiles.