Policies enable you to control firewall operation by enforcing rules and automating actions. The firewall supports the following policy types:
- Network Address Translation (NAT) policies to translate addresses and ports. See Policies > NAT.
- Quality of Service (QoS) policies to determine how traffic is classified for treatment when it passes through an interface with QoS enabled. See Policies > QoS.
- Policy-based forwarding policies to override the routing table and specify an egress interface for traffic. See Policies > Policy Based Forwarding.
- Decryption policies to specify traffic decryption for security policies. Each policy can specify the categories of URLs for the traffic you want to decrypt. SSH decryption is used to identify and control SSH tunneling in addition to SSH shell access. See Policies > Decryption.
- Tunnel Inspection policies to enforce Security, DoS Protection, and QoS policies on tunneled traffic, and to view tunnel activity. See Policies > Tunnel Inspection.
- Override policies to override the application definitions provided by the firewall. See Policies > Application Override.
- Authentication policies to define authentication for end users who access network resources. See Policies > Authentication.
- Denial of service (DoS) policies to protect against DoS attacks and take protective action in response to rule matches. See Policies > DoS Protection.
- Shared policies pushed from Panorama™ display in orange on the firewall web interface. You can edit these shared policies only on Panorama; you cannot edit them on the firewall.
- Use the Tag Browser to view all the tags used in a rulebase. In rulebases with many rules, the Tag Browser simplifies the display by presenting the tags, color code, and the rule numbers in which tags are used.