About Custom Policies
To allow for a protocol that is not included by default as a Firebox configuration option, you must define a custom traffic policy. You can add a custom policy that uses:
- TCP ports
- UDP ports
- An IP protocol that is not TCP or UDP, such as GRE, AH, ESP, ICMP, IGMP, and OSPF. You identify an IP protocol that is not TCP or UDP with the IP protocol number.
To create a custom policy, you must first create or edit a custom policy template that specifies the ports and protocols used by policies of that type. Then, you create one or more policies from that template to set access rules, logging, QoS, and other settings.