Policy Types
Policies allow you to control firewall operation by enforcing rules and automatically taking action. The following types of policies are supported:
Basic security policies to block or allow a network session based on the application, the source and destination zones and addresses, and optionally the service (port and protocol). Zones identify the physical or logical interfaces that send or receive the traffic. Refer to Policies > Security.
Network Address Translation (NAT) policies to translate addresses and ports, as needed. Refer to Policies > NAT.
Policy-based forwarding policies to override the routing table and specify an egress interface for traffic. Refer to Policies > Policy Based Forwarding.
Decryption policies to specify traffic decryption for security policies. Each policy can specify the categories of URLs for the traffic you want to decrypt. SSH decryption is used to identify and control SSH tunneling in addition to SSH shell access. Refer to Policies > Decryption.
Override policies to override the application definitions provided by the firewall. Refer to Policies > Application Override.
Quality of Service (QoS) policies to determine how traffic is classified for treatment when it passes through an interface with QoS enabled. Refer to Policies > QoS.
Captive portal policies to request authentication of unidentified users. Refer to Policies > Captive Portal.
Denial of service (DoS) policies to protect against DoS attacks and take protective action in response to rule matches. Refer to Policies > DoS Protection.
Shared policies pushed from Panorama™ display in orange on the firewall web interface; these shared policies cannot be edited on the firewall.
Use the Tag Browser to view all the tags used in a rulebase. In rulebases with many rules, the Tag Browser simplifies the display by presenting the tags, their color codes, and the rule numbers in which the tags are used.
