A label that supports up to 31 characters, used to identify the rule.
Specifies whether the rule applies to traffic within a zone, between zones, or both:
The zone from which the traffic originates.
The zone at which the traffic terminates. If you use NAT, make sure to always reference the post-NAT zone.
The application which you wish to control. The firewall uses App-ID, the traffic classification technology, to identify traffic on your network. App-ID provides application control and visibility in creating security policies that block unknown applications, while enabling, inspecting, and shaping those that are allowed.
Blockaction for the traffic based on the criteria you define in the rule. When you configure the firewall to block traffic, it either resets the connection or silently drops packets. To provide a better user experience, you can configure granular options to block traffic instead of silently dropping packets, which can cause some applications to break and appear unresponsive to the user. For more details, see Security Policy Actions.