Security policies define the zone-based firewall rules that determine application access within a branch. They allow or deny application access and traffic within a zone or across zones based upon administrator specified zone definitions, prefix filters, and actions.

Security policies are made up of security policy sets and are provisioned globally at a branch site or locally at any remote branch office. These policies, at all times, supersede network policies.

Configuring or implementing zone-based firewall security rules for an enterprise involves creating zones , binding zones to a site , physical or virtual interfaces on an ION device, creating a security policy set , creating security policy rules , and binding the security policy set to a site .