Firewall Policy Priority

Applies To: Cloud-managed Fireboxes

This feature is only available to participants in the WatchGuard Cloud Beta program.

The Firewall Policies page shows policies in order of priority. For each connection, the Firebox applies the highest priority policy that matches the source, destination, and traffic type.

For a cloud-managed Firebox, policy priority is determined automatically and you cannot change the policy order. This is different from policies for a locally-managed Firebox.

[Screenshot: the Firewall Policies page with the default Outgoing policy]

The policy group determines overall policy priority:

  • First Run: Apply before all Core policies (highest priority)
  • Core: Normal priority, appropriate for most traffic
  • Last Run: Apply after all Core policies (lowest priority)

Within each policy group, policy priority is based on (in this order):

  • Source (networks, IP addresses, FQDNs, aliases, users, and groups)
  • Traffic types (ports, protocols)
  • Destination (networks, IP addresses, FQDNs, aliases, users, and groups)
  • Action (Deny has higher priority than Allow)
  • Policy name (alphabetical order)

More specific policies have higher priority and appear higher in the policy list.
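
To audit which policy handles a given connection, the ordering above can be modeled as a sort key followed by a first-match walk. This is an added example, not WatchGuard code: the Policy class, the sample rule set (apart from the Outgoing policy name), and the way specificity is measured (number of addresses in a CIDR, number of ports) are assumptions, because the page states only that more specific policies rank higher.

```python
import ipaddress
from dataclasses import dataclass

GROUP_RANK = {"First Run": 0, "Core": 1, "Last Run": 2}   # groups, as listed on the page
ACTION_RANK = {"Deny": 0, "Allow": 1}                     # Deny outranks Allow

@dataclass(frozen=True)
class Policy:
    name: str
    group: str
    source: str            # CIDR network
    ports: frozenset       # TCP ports; empty set means any port
    destination: str       # CIDR network
    action: str

def breadth(cidr):
    # ASSUMPTION: fewer covered addresses means "more specific".
    return ipaddress.ip_network(cidr).num_addresses

def priority_key(p):
    # Tie-break order from the page: group, source, traffic type, destination, action, name.
    port_breadth = len(p.ports) if p.ports else 65536      # ASSUMPTION, as above
    return (GROUP_RANK[p.group], breadth(p.source), port_breadth,
            breadth(p.destination), ACTION_RANK[p.action], p.name.lower())

def ordered(policies):
    return sorted(policies, key=priority_key)

def first_match(policies, src, dst, port):
    # Return the highest-priority policy matching the connection, or None.
    for p in ordered(policies):
        if (ipaddress.ip_address(src) in ipaddress.ip_network(p.source)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(p.destination)
                and (not p.ports or port in p.ports)):
            return p
    return None

ANY = "0.0.0.0/0"
WEB = frozenset({80, 443})
POLICIES = [  # constructed sample rule set
    Policy("Outgoing", "Core", ANY, frozenset(), ANY, "Allow"),
    Policy("Kiosk-Web-Allow", "Core", "10.0.5.0/24", WEB, ANY, "Allow"),
    Policy("Kiosk-Web-Deny", "Core", "10.0.5.0/24", WEB, ANY, "Deny"),
    Policy("Internal-Any", "First Run", "10.0.0.0/8", frozenset(), ANY, "Allow"),
    Policy("Cleanup", "Last Run", ANY, frozenset(), ANY, "Deny"),
]

if __name__ == "__main__":
    for p in ordered(POLICIES):
        print(f"{p.group:<9} {p.action:<5} {p.name}")
    hit = first_match(POLICIES, "10.0.5.20", "203.0.113.10", 443)
    print("10.0.5.20 -> 203.0.113.10:443 is handled by", hit.name)
```

In this sample, the broad First Run allow handles the kiosk connection before the more specific Core deny is evaluated, and the Core Outgoing policy matches everything so the Last Run deny is never reached. Both are the kind of shadowing to look for when reviewing an automatically ordered policy list.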

See Also

Configure Firewall Policies in WatchGuard Cloud