About Policy Properties
Each policy type has a default definition, which consists of settings that are appropriate for most organizations. However, you can modify policy settings for your particular business purposes, or add other settings such as traffic management and operating schedules.
Mobile VPN with IPSec policies are created and operate in the same way as firewall policies. For a Mobile VPN with IPSec policy, you must specify the Mobile VPN with IPSec group that the policy applies to. For more information, go to Configure Policies to Filter IPSec Mobile VPN Traffic.
You can add and edit policies in Fireware Web UI or Policy Manager. The settings are located on different tabs in each user interface.
Policy Properties in Fireware Web UI
When you add a new policy to your configuration, the Firewall Policies / Add Firewall Policy page appears after you select the policy type and click Add Policy. To set properties for an existing policy, on the Firewall Policies page, double-click the policy name to edit it.
On the Settings tab, you can set basic information about a policy, such as whether it allows or denies traffic, and set access rules that define the source and destination of traffic the policy handles. You can also configure static NAT, bandwidth and time quotas, or server load balancing. The Settings tab also shows the port and protocol for the policy, and an optional description of the policy. You can use the settings on this tab to set logging, notification, automatic blocking, and timeout preferences.
For more information about these settings, go to:
- Set Access Rules for a Policy
- Configure Static NAT (SNAT)
- Configure Server Load Balancing
- Set Logging and Notification Preferences
- About Quotas
- Block Sites Temporarily with Policy Settings
- Set a Custom Idle Timeout
- About Policy Tags and Filters
- About Transport Layer Security (TLS) (IMAP, POP3 and SMTP proxy policies only)
On the SD-WAN tab, you can apply an SD-WAN action to the policy. You can also add a new SD-WAN action. For more information about SD-WAN routing, go to About SD-WAN.
SD-WAN replaces policy-based routing in Fireware v12.3 or higher.
On the Application Control tab, you can select the Application Control action for the policy. You can also create a new Application Control action. For more information about Application Control actions in policies, go to Enable Application Control in a Policy.
On the Geolocation tab, you can select the Geolocation action for the policy. You can also create a new Geolocation action or edit the selected action. For more information about Geolocation actions in policies, go to Enable Geolocation in a Policy.
On the Traffic Management tab, you can select the Traffic Management action for the policy.
To apply a Traffic Management action in a policy:
- Select the Traffic Management tab.
- From the Traffic Management Action drop-down list, select a Traffic Management action.
  Or, to create a new Traffic Management action, select Create new and configure the settings.
- Click Save.
For more information about Traffic Management actions, go to Add Traffic Management Actions to a Policy.
For proxy policies, you can select the proxy action and configure proxy action settings on the Proxy Action tab. The settings are different for each type of proxy action.
For more information, go to About Proxy Actions and the About topic for the specific proxy type.
On the Scheduling tab, you can specify an operating schedule for the policy. You can select an existing schedule or create a new schedule.
- Select the Scheduling tab.
- From the Schedule Action drop-down list, select a schedule.
  Or, to create a new schedule, select Create New and configure the schedule.
- Click Save.
For more information, go to Set an Operating Schedule.
On the Advanced tab, you can configure settings for NAT, QoS, multi-WAN, Connection Rate, and ICMP options. You can also limit policy scope based on the source port of the connection.
Policy Properties in Policy Manager
When you add a new policy to your configuration, the New Policy Properties dialog box automatically appears for you to set policy properties. To set properties for an existing policy, in Policy Manager, double-click a policy to open the Edit Policy Properties dialog box.
Use the Policy tab to set basic information about a policy, such as whether it allows or denies traffic. You can use the Policy tab settings to create access rules that define the source and destination of traffic the policy handles. You can also configure SD-WAN routing, Application Control, Geolocation, IPS, bandwidth and time quotas, static NAT, or server load balancing. For proxy policies and Application Layer Gateways (ALGs), you can also select and configure proxy actions on this tab.
For more information about these settings, go to:
- Set Access Rules for a Policy
- About SD-WAN
- Enable Application Control in a Policy
- Enable Geolocation in a Policy
- Enable or Disable IPS for a Policy
- About Quotas
- Configure Static NAT (SNAT)
- Configure Server Load Balancing
- About Proxy Actions (proxy policies and ALGs only)
- About Transport Layer Security (TLS) (IMAP, POP3, and SMTP proxy policies only)
To modify the settings for a proxy action, on the Policy tab, to the right of the Proxy action drop-down list, click and select a category of settings.
For more information about proxy actions, go to About Proxy Actions and the About topic for the specific proxy type.
The Properties tab shows the port and protocol for the policy, and an optional description of the policy. You can use the settings on this tab to set logging, notification, automatic blocking, and timeout preferences. You can also apply Policy Tags to the policy.
The Advanced tab includes settings for NAT and Traffic Management (QoS), Connection Rate, and multi-WAN and ICMP options. You can also set an operating schedule for a policy, apply traffic management actions, and limit policy scope based on the source port of the connection.