1. Home
    2. PAN-OS
    3. PAN-OS 7.1 Web Interface Reference Guide
    4. Policies
    5. Policy Types
    Previous
    Next
    Policies allow you to control firewall operation by enforcing rules and automatically taking action. The following types of policies are supported:
    Basic security policies to block or allow a network session based on the application, the source and destination zones and addresses, and optionally the service (port and protocol). Zones identify the physical or logical interfaces that send or receive the traffic. Refer to Policies > Security.
    Network Address Translation (NAT) policies to translate addresses and ports, as needed. Refer to Policies > NAT. Policy-based forwarding policies to override the routing table and specify an egress interface for traffic. Refer to Policies > Policy Based Forwarding. Decryption policies to specify traffic decryption for security policies. Each policy can specify the categories of URLs for the traffic you want to decrypt. SSH decryption is used to identify and control SSH tunneling in addition to SSH shell access. Refer to Policies > Decryption. Override policies to override the application definitions provided by the firewall. Refer to Policies > Application Override. Quality of Service (QoS) policies to determine how traffic is classified for treatment when it passes through an interface with QoS enabled. Refer to Policies > QoS. Captive portal policies to request authentication of unidentified users. Refer to Policies > Captive Portal. Denial of service (DoS) policies to protect against DoS attacks and take protective action in response to rule matches. Refer to Policies > DoS Protection.
    		Shared policies pushed from Panorama™ display in orange on the firewall web interface; these shared policies cannot be edited on the firewall.
    		Use the Tag Browser to view all the tags used in a rulebase. In rulebases with many rules, the tag browser simplifies the display by presenting the tags, color code, and the rule numbers in which tags are used.
    Previous
    Next

    Related Documentation

    Policies

    Policies This section describes the firewall web interfaces you can use to configure policies: Policy Types Move or Clone a Policy Rule Policies > Security ...

    Policies > Decryption

    Policies > Decryption You can configure the firewall to decrypt traffic for visibility, control, and granular security. Decryption policies can apply to Secure Sockets Layer ...

    Defining Policies on Panorama

    Defining Policies on Panorama Device Groups on Panorama allow you to centrally manage policies on the firewalls. Policies defined on Panorama are either created as ...

    Policies > Security

    Policies > Security Security policies reference security zones and enable you to allow, restrict, and track traffic on your network based on the application, user ...

    Device > Virtual Systems

    Device > Virtual Systems A virtual system (vsys) is an independent (virtual) firewall instance that you can separately manage within a physical firewall. Each vsys ...

    Policies > Captive Portal

    Policies > Captive Portal Use the following tables to set up and customize a captive portal to direct user authentication by way of an authentication ...

    Policies > Application Override

    Policies > Application Override To change how the firewall classifies network traffic into applications, you can specify application override policies. For example, if you want ...

    Policies > DoS Protection

    Policies > DoS Protection A DoS Protection policy allow you to protect against DoS attacks by specifying whether to deny or allow packets that match ...

    Policies > QoS

    Policies > QoS Add QoS policy rules to define traffic to receive QoS treatment, and assign a QoS class for each QoS policy rule in ...

    Policies > Policy Based Forwarding

    Policies > Policy Based Forwarding Normally, when traffic enters the firewall, the ingress interface virtual router dictates the route that determines the outgoing interface and ...

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo