Security policy rules allow you to enforce policy and take action on traffic, and can be as general or specific as needed. The security rules are compared against incoming traffic in sequence, and because the first rule that matches the traffic is applied, the more specific rules must precede the more general ones. For example, a rule for a single application must precede a rule for all applications if all other traffic-related settings are the same.
For traffic that doesn't match any user-defined rules, the default rules apply. The default rules, displayed at the bottom of the security rulebase, are predefined to allow all intrazone traffic (within a zone) and deny all interzone traffic (between zones). Although these rules are part of the predefined configuration and are read-only by default, you can override them and change a limited number of settings, including the tags, action (allow or deny), log settings, and security profiles.
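The following Python model is an added illustration of the first-match behaviour described above; it is not part of this documentation or of the product. It walks a rulebase top to bottom, falls through to predefined intrazone-allow and interzone-deny defaults when no user-defined rule matches, and includes a simple shadow check that flags a specific rule placed after a broader one that already covers it. All zone, application and rule names are constructed for the example.

```python
# Added illustration of first-match rule evaluation with intrazone/interzone
# defaults. Zone, rule and application names are constructed for the example
# and do not come from any real firewall configuration.
from dataclasses import dataclass, field

ANY = "any"


@dataclass
class Rule:
    name: str
    action: str                     # "allow" or "deny"
    from_zones: set = field(default_factory=lambda: {ANY})
    to_zones: set = field(default_factory=lambda: {ANY})
    applications: set = field(default_factory=lambda: {ANY})
    rule_type: str = "universal"    # "universal", "intrazone" or "interzone"

    def matches(self, src_zone, dst_zone, app):
        """True if this rule applies to a flow src_zone -> dst_zone using app."""
        if self.rule_type == "intrazone" and src_zone != dst_zone:
            return False
        if self.rule_type == "interzone" and src_zone == dst_zone:
            return False
        return (_in(src_zone, self.from_zones)
                and _in(dst_zone, self.to_zones)
                and _in(app, self.applications))


def _in(value, allowed):
    return ANY in allowed or value in allowed


# Predefined defaults: always evaluated after every user-defined rule.
DEFAULT_RULES = [
    Rule("intrazone-default", "allow", rule_type="intrazone"),
    Rule("interzone-default", "deny", rule_type="interzone"),
]


def evaluate(rulebase, src_zone, dst_zone, app):
    """Walk the rulebase top to bottom; the first matching rule decides."""
    for rule in list(rulebase) + DEFAULT_RULES:
        if rule.matches(src_zone, dst_zone, app):
            return rule.name, rule.action
    raise AssertionError("defaults cover every flow; unreachable")


def _covers(broad, narrow):
    """True if every flow matching `narrow` also matches `broad`."""
    if broad.rule_type != "universal" and broad.rule_type != narrow.rule_type:
        return False
    for wide, tight in ((broad.from_zones, narrow.from_zones),
                        (broad.to_zones, narrow.to_zones),
                        (broad.applications, narrow.applications)):
        if ANY not in wide and not tight <= wide:
            return False
    return True


def shadowed_rules(rulebase):
    """Names of rules that can never match because an earlier rule covers them."""
    shadowed = []
    for i, rule in enumerate(rulebase):
        if any(_covers(earlier, rule) for earlier in rulebase[:i]):
            shadowed.append(rule.name)
    return shadowed


if __name__ == "__main__":
    specific = Rule("deny-ssh-to-dmz", "deny", {"trust"}, {"dmz"}, {"ssh"})
    general = Rule("allow-trust-to-dmz", "allow", {"trust"}, {"dmz"})
    print(evaluate([specific, general], "trust", "dmz", "ssh"))   # specific wins
    print(evaluate([general, specific], "trust", "dmz", "ssh"))   # specific is shadowed
    print(shadowed_rules([general, specific]))
```

Running the module shows the ordering point directly: with the single-application deny rule above the all-applications allow rule, SSH from trust to dmz is denied; with the order reversed, the broader allow rule matches first and the deny rule never fires, which `shadowed_rules` reports. Flows that match no user-defined rule land on the intrazone or interzone default according to whether the source and destination zones are the same.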
After you create a rule, you can track it in your rulebase and view security rule usage to see when and how many times traffic has matched the rule, which helps you judge its effectiveness. As your rulebase evolves, change and audit information is lost over time unless you archive it when the rule is created or modified. You can Enforce Security Rule Description, Tag, and Audit Comment to require that all administrators enter audit comments; you can then view the audit comment archive, review comments and the configuration log history, and compare rule configuration versions for a selected rule. Together, these capabilities give you more visibility into and control over the rulebase.