The Web App Firewall uses two types of policies: firewall policies and auditing policies. Firewall policies control which traffic is sent to the Web App Firewall. Auditing policies control the log server to which Web App Firewall logs are sent.
Firewall policies can be complex because the policy rule can consist of multiple expressions in the Citrix ADC expressions language, which is a full-fledged object oriented programming language capable of defining with extreme precision exactly which connections to filter. Because firewall policies operate within the context of the Web App Firewall, they must meet certain criteria that are connected to how the Web App Firewall functions and what traffic is appropriately filtered by it. As long as you keep these criteria in mind, however, firewall policies are similar to policies for other Citrix ADC features. The instructions here do not attempt to cover all aspects of writing firewall policies, but only provide an introduction to policies and cover those criteria that are unique to the Web App Firewall.
Auditing policies are simple because the policy rule is always ns_true. You need only specify the log server that you want to send logs to, the logging levels that you want to use, and a few other criteria that are explained in detail.