Firewall policies control all traffic attempting to pass through the Deep Edge unit, between Deep Edge interfaces, zones, and VLAN subinterfaces.

Firewall policies are instructions the Deep Edge unit uses to decide connection acceptance and packet processing for traffic attempting to pass through. When the firewall receives a connection packet, it analyzes the packet’s source address, destination address, and service (by port number), and attempts to locate a firewall policy matching the packet.

Firewall policies can contain many instructions for Deep Edge to follow when it receives matching packets. Some instructions are required, such as whether to drop or accept and process the packets, while other instructions, such as logging and authentication, are optional.

Policy instructions may include protection profiles, which can specify application-layer inspection and other protocol-specific protection and logging.

Firewall policies integrate with the other Deep Edge functions to provide a centralized policy configuration and management architecture for: