The Palo Alto Networks next-generation firewall supports a variety of policy types that work together to safely enable applications on your network.
Security
Determine whether to block or allow a session based on traffic attributes such as the source and destination security zone, the source and destination IP address, the application, user, and the service. For more details, see Security Policy.
NAT
Instruct the firewall which packets need translation and how to do the translation. The firewall supports both source address and/or port translation and destination address and/or port translation. For more details, see NAT.
QoS
Identify traffic requiring QoS treatment (either preferential treatment or bandwidth-limiting) using a defined parameter or multiple parameters and assign it a class. For more details, see Quality of Service.
Policy Based Forwarding
Identify traffic that should use a different egress interface than the one that would normally be used based on the routing table. For details, see Policy-Based Forwarding.
Decryption
Identify encrypted traffic that you want to inspect for visibility, control, and granular security. For more details, see Decryption.
Application Override
Identify sessions that you do not want processed by the App-ID engine, which performs Layer-7 inspection. Traffic matching an application override policy forces the firewall to handle the session as a regular stateful inspection firewall at Layer-4. For more details, see Manage Custom or Unknown Applications.
Authentication
Identify traffic that requires users to authenticate. For more details, see Authentication Policy.
DoS Protection
Identify potential denial-of-service (DoS) attacks and take protective action in response to rule matches. For more details, see DoS Protection Profiles.