Configure Advanced Firewall Policy Settings

In the Description text box, you can optionally type a policy description.

Idle timeout defines the maximum length of time that a connection can stay active when no traffic is sent through the connection. For information about this policy setting, go to Configure a Custom Idle Timeout in a Firewall Policy.

Firewall policies use dynamic NAT to map private IP addresses to public IP addresses. Policy dynamic NAT settings control how the Firebox applies dynamic NAT to traffic handled by the policy. For information about policy dynamic NAT settings, go to Configure Dynamic NAT in a Firewall Policy.

Global WAN settings control how the Firebox routes outbound traffic when multiple external networks are configured. The sticky connection setting controls how long a connection continues to use the same WAN interface. To override the global WAN sticky connection setting, you can configure a policy with a custom sticky connection. For information about this policy setting, go to Configure Sticky Connection Settings in a Firewall Policy.

You can create a limit on a firewall policy so that it filters only a specified number of connections per second. When you configure this feature, the Firebox denies traffic for any additional connections and generates log messages and optional notifications. For more information about how to configure these settings, go to Configure a Connection Rate Limit in a Firewall Policy.

You can enable notifications if you want the Firebox to send an alert log message or an SNMP trap when traffic matches the policy. For information about how to configure this setting, go to Configure Notifications in a Firewall Policy.