The Palo Alto Networks next-generation firewall supports a variety of policy types that work together to safely enable applications on your network.
For all policy types, when you Enforce Policy Rule Description, Tag, and Audit Comment, you can use the audit comment archive to view how a policy rule changed over time. The archive, which includes the audit comment history and the configuration logs, enables you to compare configuration versions and review who created or modified a rule and why.
Security
Determine whether to block or allow a session based on traffic attributes such as the source and destination security zone, the source and destination IP address, the application, user, and the service. For more details, see Security Policy.
NAT
Instruct the firewall which packets need translation and how to do the translation. The firewall supports both source address and/or port translation and destination address and/or port translation. For more details, see NAT.
QoS
Identify traffic requiring QoS treatment (either preferential treatment or bandwidth-limiting) using a defined parameter or multiple parameters and assign it a class. For more details, see Quality of Service.
Policy Based Forwarding
Identify traffic that should use a different egress interface than the one that would normally be used based on the routing table. For more details, see Policy-Based Forwarding.
Decryption
Identify encrypted traffic that you want to inspect for visibility, control, and granular security. For more details, see Decryption.
Application Override
Identify sessions that you do not want processed by the App-ID engine, which performs Layer-7 inspection. Traffic matching an application override policy forces the firewall to handle the session as a regular stateful inspection firewall at Layer-4. For more details, see Manage Custom or Unknown Applications.
Authentication
Identify traffic that requires users to authenticate. For more details, see Authentication Policy.
DoS Protection
Identify potential denial-of-service (DoS) attacks and take protective action in response to rule matches. For more details, see DoS Protection Profiles.