File Policies
A file policy is a set of configurations that the system uses to perform malware protection and file control, as part of your overall access control configuration. You associate a file policy with an access control rule; this association ensures that before the system passes a file in traffic that matches the rule’s conditions, it first inspects the file. Consider the following diagram of a simple access control policy in an inline deployment.
The policy has two access control rules, both of which use the Allow action and are associated with file policies. The policy’s default action is also to allow traffic, but without file policy inspection. In this scenario, traffic is handled as follows:
- Traffic that matches Rule 1 is inspected by File Policy A.
- Traffic that does not match Rule 1 is evaluated against Rule 2. Traffic that matches Rule 2 is inspected by File Policy B.
- Traffic that does not match either rule is allowed; you cannot associate a file policy with the default action.
By associating different file policies with different access control rules, you have granular control over how you identify and block files transmitted on your network.
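The scenario above can be modeled to find which flows reach the default action and therefore pass without file inspection. This is an added example, not product code: the `Rule` and `Flow` classes, the two match conditions (source network and destination port), and all addresses are constructed assumptions, while the rule and file policy names come from the scenario.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:                      # hypothetical, simplified access control rule
    name: str
    src_net: str                 # source network condition (CIDR)
    dst_port: Optional[int]      # destination port condition; None means any
    file_policy: Optional[str]   # associated file policy; None means no file inspection

@dataclass
class Flow:                      # hypothetical description of one connection
    src_ip: str
    dst_port: int

DEFAULT_ACTION = "Default action (allow)"

def matches(rule, flow):
    """True when the flow satisfies every condition of the rule."""
    in_net = ipaddress.ip_address(flow.src_ip) in ipaddress.ip_network(rule.src_net)
    return in_net and rule.dst_port in (None, flow.dst_port)

def evaluate(rules, flow):
    """Return (handler, file policy) for the first rule the flow matches, in order."""
    for rule in rules:
        if matches(rule, flow):
            return rule.name, rule.file_policy
    # No rule matched: the default action applies, and it cannot carry a file policy.
    return DEFAULT_ACTION, None

def uninspected(rules, flows):
    """Flows that are allowed without any file policy inspection."""
    return [f for f in flows if evaluate(rules, f)[1] is None]

# Constructed policy mirroring the scenario: two Allow rules, each with a file policy.
RULES = [
    Rule("Rule 1", "10.1.0.0/16", 80, "File Policy A"),
    Rule("Rule 2", "10.0.0.0/8", None, "File Policy B"),
]
# Constructed sample flows.
FLOWS = [Flow("10.1.2.3", 80), Flow("10.1.2.3", 445),
         Flow("10.9.9.9", 80), Flow("192.168.5.5", 80)]

if __name__ == "__main__":
    for f in FLOWS:
        print(f, "->", evaluate(RULES, f))
    print("Allowed without file inspection:", uninspected(RULES, FLOWS))
```

Any flow this reports is traffic that needs its own access control rule with a file policy if files in it are to be inspected.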