To create a policy to allow or deny a protocol that is not included in one of the predefined policy templates, you must define a custom policy. You can add a custom policy that uses:
- TCP ports
- UDP ports
- An IP protocol that is not TCP or UDP, such as GRE, AH, ESP, ICMP, IGMP, and OSPF. You identify such a protocol by its IP protocol number.

To create a custom policy, you must first create a custom policy template that specifies the ports and protocols you want the policy to apply to. Then, you use the custom policy template to create one or more policies where you configure access rules, logging, QoS, and other policy settings. For more information, see Create or Edit a Custom Policy Template.

You can also export policy templates from one Firebox configuration and import them into the configuration for a different Firebox. For more information, see Import and Export Custom Policy Templates.