Policy Types

• Basic security policies to block or allow a network session based on the application, the source and destination zones and addresses, and—optionally—based on the service (port and protocol). Zones identify the physical or logical interfaces that send or receive the traffic. See Policies > Security.
• Network Address Translation (NAT) policies to translate addresses and ports. See to Policies > NAT.
• Quality of Service (QoS) policies to determine how traffic is classified for treatment when it passes through an interface with QoS enabled. See Policies > QoS.
• Policy-based forwarding policies to override the routing table and specify an egress interface for traffic. See Policies > Policy Based Forwarding.
• Decryption policies to specify traffic decryption for security policies. Each policy can specify the categories of URLs for the traffic you want to decrypt. SSH decryption is used to identify and control SSH tunneling in addition to SSH shell access. See Policies > Decryption.
• Tunnel Inspection policies to enforce Security, DoS Protection, and QoS policies on tunneled traffic, and to view tunnel activity. See Policies > Tunnel Inspection.
• Override policies to override the application definitions provided by the firewall. See Policies > Application Override.
• Authentication policies to define authentication for end users who access network resources. See Policies > Authentication.
• Denial of service (DoS) policies to protect against DoS attacks and take protective action in response to rule matches. See Policies > DoS Protection.
• SD-WAN policies to determine link path management between the source and destination zones when link path health degrades below the approved, configured health metrics. See Policies > SD-WAN.