Policy

Policies allow you to enforce rules and take action. The different types of policy rules that you can create on the firewall are: Security, NAT, Quality of Service (QoS), Policy Based Forwarding (PBF), Decryption, Application Override, Authentication, Denial of Service (DoS), and Zone protection policies. All these different policies work together to allow, deny, prioritize, forward, encrypt, decrypt, make exceptions, authenticate access, and reset connections as needed to help secure your network.
It is important to understand that in firewall policy rules, the set of IPv4 addresses is treated as a subset of the set of IPv6 addresses. However, the set of IPv6 addresses is not a subset of the set of IPv4 addresses. An IPv4 address can match a set or range of IPv6 addresses; but an IPv6 address cannot match a set or range of IPv4 addresses.
In all policy types, the keyword any for a source or destination address means any IPv4 or IPv6 address. The keyword any is equivalent to ::/0. If you want to express "any IPv4 address", specify 0.0.0.0/0.
During policy matching, the firewall converts an IPv4 address into an IPv6 prefix where the first 96 bits are 0. An address of ::/8 means: match the rule if the first 8 bits are 0. All IPv4 addresses will match ::/8, ::/9, ::/10, ::/11, ... ::/16, ... ::/32, ... through ::/96.
If you want to express "any IPv6 address, but no IPv4 addresses", you must configure two rules. The first rule denies 0.0.0.0/0 to deny any IPv4 address (as the source or destination address), and the second rule has ::/0 to mean any IPv6 address (as the source or destination address), to satisfy your requirement.
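The matching behavior described above can be modeled in a few lines to check a rule set before deploying it. This is an added example, not the firewall's own code: the function names, the sample addresses, and the top-down first-match evaluation over a single address field are assumptions made for illustration.

```python
import ipaddress

def entry_matches(entry, addr):
    """True if addr matches one address entry of a rule, per the semantics above."""
    ip = ipaddress.ip_address(addr)
    net = ipaddress.ip_network("::/0" if entry == "any" else entry, strict=False)
    if net.version == 4:
        # An IPv6 address cannot match a set or range of IPv4 addresses.
        return ip.version == 4 and ip in net
    # IPv6 entry: an IPv4 address is zero-extended to 128 bits (first 96 bits 0),
    # then only the first prefixlen bits are compared.
    shift = 128 - net.prefixlen
    return (int(ip) >> shift) == (int(net.network_address) >> shift)

def first_match(rules, addr):
    """Return the action of the first rule whose entry matches, else 'no-match'."""
    for action, entry in rules:
        if entry_matches(entry, addr):
            return action
    return "no-match"

# Constructed sample addresses (documentation ranges).
V4, V6 = "192.0.2.10", "2001:db8::1"

# The two-rule "IPv6 only" policy from the text, and the single-rule mistake.
IPV6_ONLY = [("deny", "0.0.0.0/0"), ("allow", "::/0")]
SINGLE_RULE = [("allow", "::/0")]

if __name__ == "__main__":
    for entry in ("any", "0.0.0.0/0", "::/8", "::/96"):
        print(f"{entry:10} v4={entry_matches(entry, V4)} v6={entry_matches(entry, V6)}")
    for name, rules in (("two rules", IPV6_ONLY), ("::/0 alone", SINGLE_RULE)):
        print(f"{name:10} v4={first_match(rules, V4)} v6={first_match(rules, V6)}")
```

The last two lines of output show why a single ::/0 allow rule is not an IPv6-only rule: the IPv4 address is allowed unless the 0.0.0.0/0 deny rule precedes it.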
The following topics describe how to work with policy:
