Firewall Policies
Firewall policies contain the rules that control how a firewall inspects, allows, or denies network traffic.
To create a firewall, you must have at least one firewall policy associated with the firewall. If you're using the Console, you can create a policy as part of the create firewall workflow. If you're using the API or CLI, create a firewall policy first, and then create the firewall.
Each firewall is associated with a single firewall policy, but one firewall policy can be associated with many firewalls.
When you create a firewall policy, usual Network Firewall service limits and restrictions apply.
About firewall policy rules
After you create a firewall policy, create security, decryption, and tunnel inspection rules for the policy. A firewall policy must have at least one rule or any associated firewall denies all network traffic.
For more information about firewall policy rules, see Firewall Policy Rules.