Policies allow you to control firewall operation by enforcing rules and automatically taking action. The following types of policies are supported:
Basic security policies to block or allow a network session based on the application, the source and destination zones and addresses, and optionally the service (port and protocol). Zones identify the physical or logical interfaces that send or receive the traffic. Refer to Policies > Security.
Network Address Translation (NAT) policies to translate addresses and ports, as needed. Refer to Policies > NAT.
Policy-based forwarding policies to override the routing table and specify an egress interface for traffic. Refer to Policies > Policy Based Forwarding.
Decryption policies to specify traffic decryption for security policies. Each policy can specify the categories of URLs for the traffic you want to decrypt. SSH decryption is used to identify and control SSH tunneling in addition to SSH shell access. Refer to Policies > Decryption.
Override policies to override the application definitions provided by the firewall. Refer to Policies > Application Override.
Quality of Service (QoS) policies to determine how traffic is classified for treatment when it passes through an interface with QoS enabled. Refer to Policies > QoS.
Captive portal policies to request authentication of unidentified users. Refer to Policies > Captive Portal.
Denial of service (DoS) policies to protect against DoS attacks and take protective action in response to rule matches. Refer to Policies > DoS Protection.
Shared policies pushed from Panorama™ display in orange on the firewall web interface; these shared policies cannot be edited on the firewall.
Use the Tag Browser to view all the tags used in a rulebase. In rulebases with many rules, the Tag Browser simplifies the display by presenting the tags, their color codes, and the rule numbers in which the tags are used.