About Policies

The security policy of your organization is a set of definitions to protect your computer network and the information that goes through it. The XTM device denies all packets that are not specifically allowed. When you add a policy to your XTM device configuration file, you add a set of rules that tell the XTM device to allow or deny traffic based upon factors such as source and destination of the packet or the TCP/IP port or protocol used for the packet.

As an example of how a policy could be used, suppose the network administrator of a company wants to log in remotely to a web server protected by the XTM device. The network administrator manages the web server with a Remote Desktop connection. At the same time, the network administrator wants to make sure that no other network users can use Remote Desktop. To create this setup, the network administrator adds a policy that allows RDP connections only from the IP address of the network administrator's desktop computer to the IP address of the web server.
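The Remote Desktop scenario above, modeled as an added example (not WatchGuard code or XTM configuration syntax): a small default-deny evaluator that compares an overly broad RDP policy with the restricted one. The IP addresses, policy names, and first-match ordering are assumptions made for illustration; the device's own precedence rules are not modeled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ADMIN_DESKTOP = "10.0.1.25"   # constructed address
OTHER_USER = "10.0.1.40"      # constructed address
WEB_SERVER = "10.0.2.10"      # constructed address
RDP_PORT = 3389               # default TCP port for Remote Desktop

@dataclass(frozen=True)
class Policy:
    name: str
    action: str               # "allow" or "deny"
    protocol: str             # "tcp" or "udp"
    port: Optional[int]       # None matches any port
    source: str               # CIDR network
    destination: str          # CIDR network

    def matches(self, proto, port, src, dst):
        return (self.protocol == proto
                and (self.port is None or self.port == port)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.source)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.destination))

def evaluate(policies, proto, port, src, dst):
    """Return (action, policy name); traffic no policy matches is denied."""
    for policy in policies:   # assumption: first match in list order wins
        if policy.matches(proto, port, src, dst):
            return policy.action, policy.name
    return "deny", "implicit-deny"

def rdp_sources(policies, candidates):
    """List the candidate hosts that can open RDP to the web server."""
    return [src for src in candidates
            if evaluate(policies, "tcp", RDP_PORT, src, WEB_SERVER)[0] == "allow"]

# Weak: every host on the LAN segment can use Remote Desktop.
TOO_BROAD = [Policy("RDP-from-LAN", "allow", "tcp", RDP_PORT,
                    "10.0.1.0/24", WEB_SERVER + "/32")]
# Corrected: only the administrator's desktop is allowed.
RESTRICTED = [Policy("RDP-admin-only", "allow", "tcp", RDP_PORT,
                     ADMIN_DESKTOP + "/32", WEB_SERVER + "/32")]

if __name__ == "__main__":
    for label, ruleset in (("too broad", TOO_BROAD), ("restricted", RESTRICTED)):
        print(label, "->", rdp_sources(ruleset, [ADMIN_DESKTOP, OTHER_USER]))
```

Running the same check against an exported rule list is a quick way to confirm that a single-host restriction was not widened to a whole subnet.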

A policy can also give the XTM device more instructions on how to handle the packet. For example, you can define logging and notification settings that apply to the traffic, or use NAT (Network Address Translation) to change the source IP address and port of network traffic.

Packet Filter and Proxy Policies

Your XTM device uses two categories of policies to filter network traffic: packet filters and proxies. A packet filter examines each packet’s IP and TCP/UDP header. If the packet header information is legitimate, then the XTM device allows the packet. Otherwise, the XTM device drops the packet.

A proxy examines both the header information and the content of each packet to make sure that connections are secure. This is also called deep packet inspection. If the packet header information is legitimate and the content of the packet is not considered a threat, then the XTM device allows the packet. Otherwise, the XTM device drops the packet.

Add Policies to Your XTM device

The XTM device includes many pre-configured packet filters and proxies that you can add to your configuration. For example, if you want a packet filter for all Telnet traffic, you add a pre-defined Telnet policy that you can modify for your network configuration. You can also make a custom policy for which you set the ports, protocols, and other parameters.

When you configure the XTM device with the Quick Setup Wizard, the wizard adds several packet filters: Outgoing (TCP-UDP), FTP, ping, and up to two WatchGuard management policies. If you have more software applications and network traffic for the XTM device to examine, you must:

We recommend that you set limits on outgoing access when you configure your XTM device.

In all documentation, we refer to both packet filters and proxies as policies. Information on policies refers to both packet filters and proxies unless otherwise specified.

See Also

About the Firewall Policies page

About Policy Precedence

Add Policies to Your Configuration
