Rulestacks defines access control (App-ID, URL Filtering) and threat prevention behavior of Cloud NGFW resources. A Cloud NGFW resource uses your rulestack definitions to protect the traffic by a two-step process. First, it enforces your rules to allow or deny your traffic. Second, it performs content inspection on the allowed traffic based on what you specify on the Security Profiles. A rulestack includes a set of security rules, associated objects, and profiles.

A Local Rulestack consists of local rules that are used to define rules for specific applications or users. The account administrator associates these rules with a NGFW resource for the Azure account.