Introduction to Policy

Policy is a basic function that controls traffic forwarding between security zones/segments. By default, the system denies all traffic between security zones/segments; policy rules identify which flows between security zones or segments are permitted and which are denied.

Basic Elements of Policy Rules

Policy rules permit or deny traffic between security zones/segments. The basic elements of a policy rule are the service type of the traffic, the source and destination address/zone, and the action.

Defining a Policy Rule

Generally, a policy rule consists of two parts: filtering conditions and actions. You set the filtering conditions by specifying the traffic's source zone/address, destination zone/address, service type, and role. Each policy rule is labeled with a unique ID, which is generated automatically when the rule is created; you can also specify a rule ID of your own choice. All policy rules are arranged in a specific order. When traffic flows into the security appliance, the device checks the policy rules in order and processes the traffic according to the first rule that matches.
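
The following Python model is an added example, not the appliance's own code or configuration syntax. It shows first-match evaluation with the default deny, plus a check for rules that can never take effect because an earlier rule already matches everything they match. The zone names, addresses, the "any" wildcard, and the omission of the role condition are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from itertools import count

ANY = "any"          # assumption: wildcard value for a zone, address or service
_ids = count(1)      # assumption: stands in for the automatic rule ID generation

@dataclass
class Rule:
    src_zone: str
    src_addr: str    # CIDR or "any"
    dst_zone: str
    dst_addr: str    # CIDR or "any"
    service: str     # e.g. "tcp/443" or "any"
    action: str      # "permit" or "deny"
    rule_id: int = field(default_factory=lambda: next(_ids))  # or set your own

def _net(addr):
    return ipaddress.ip_network("0.0.0.0/0" if addr == ANY else addr)

def _covers(broad, narrow):
    return broad == ANY or broad == narrow

def evaluate(rules, flow):
    """Return (action, rule_id) of the first matching rule; default deny if none."""
    for r in rules:
        if (_covers(r.src_zone, flow["src_zone"]) and _covers(r.dst_zone, flow["dst_zone"])
                and ipaddress.ip_address(flow["src_ip"]) in _net(r.src_addr)
                and ipaddress.ip_address(flow["dst_ip"]) in _net(r.dst_addr)
                and _covers(r.service, flow["service"])):
            return r.action, r.rule_id
    return "deny", None

def shadowed(rules):
    """List (later_id, earlier_id) where the earlier rule matches all the later one does."""
    hits = []
    for i, late in enumerate(rules):
        for early in rules[:i]:
            if (_covers(early.src_zone, late.src_zone) and _covers(early.dst_zone, late.dst_zone)
                    and _net(late.src_addr).subnet_of(_net(early.src_addr))
                    and _net(late.dst_addr).subnet_of(_net(early.dst_addr))
                    and _covers(early.service, late.service)):
                hits.append((late.rule_id, early.rule_id))
                break
    return hits

# Constructed sample rule base; the Telnet deny sits below a broader permit.
RULES = [Rule("trust", "10.1.0.0/16", "untrust", ANY, ANY, "permit"),
         Rule("trust", "10.1.5.0/24", "untrust", ANY, "tcp/23", "deny"),
         Rule("untrust", ANY, "dmz", "192.0.2.10/32", "tcp/443", "permit")]
TELNET = {"src_zone": "trust", "src_ip": "10.1.5.20", "dst_zone": "untrust",
          "dst_ip": "198.51.100.7", "service": "tcp/23"}
```

With this ordering the Telnet flow is permitted by rule 1 and rule 2 is reported as shadowed; moving the narrower deny above the broader permit makes it take effect.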

The maximum number of global policy rules varies by security appliance model.