Policies enable you to control firewall operation by
enforcing rules and automating actions. The firewall supports the
following policy types:
Basic security policies to block
or allow a network session based on the application, the source
and destination zones and addresses, and—optionally—based on the
service (port and protocol). Zones identify the physical or logical
interfaces that send or receive the traffic. See Policies
Network Address Translation (NAT) policies to translate addresses
and ports. See to Policies
Quality of Service (QoS) policies to determine how traffic
is classified for treatment when it passes through an interface
with QoS enabled. See Policies
Decryption policies to specify traffic decryption for security
policies. Each policy can specify the categories of URLs for the
traffic you want to decrypt. SSH decryption is used to identify
and control SSH tunneling in addition to SSH shell access. See Policies
Tunnel Inspection policies to enforce Security, DoS Protection,
and QoS policies on tunneled traffic, and to view tunnel activity.
> Tunnel Inspection.
Denial of service (DoS) policies to protect against DoS attacks
and take protective action in response to rule matches. See Policies
> DoS Protection.
SD-WAN policies to determine link path management between
the source and destination zones when link path health degrades
below the approved, configured health metrics. See Policies > SD-WAN.
Shared polices pushed from Panorama™ display in orange on the
firewall web interface. You can edit these shared policies only
on Panorama; you cannot edit them on the firewall.
View Rulebase as Groups to view
all the tag groups used in a rulebase. In rule bases with many rules,
viewing the rulebase as groups simplifies the display by presenting the
tags, color code, and the number of rules in each group while preserving
the established rule hierarchy.