All EFWs are centrally managed through a 3Com-supplied plug-in to Microsoft Management Console (MMC). The Policy Server is used to develop and distribute the policies that govern the EFWs, and to collect and display their logs and status.
Each device set is assigned one policy, but EFWs can belong to two device sets by means of a tool called a Locator. The Locator is used to enforce policies depending on whether an EFW is on a local or remote network as determined by IP address, available DNS or DHCP servers, or connectivity to the Policy Server.
The point of differentiating local from remote is that you might want to define an open policy for the local network, because it is trusted, and assign a restrictive policy for remote networks, because they can be more hostile.
Policies are read top down and are similar to other ACL (access control list)-based rules. You can filter traffic based on source or destination IP address, TCP/UDP port pairs, and/or protocol types. But because the EFW is a packet filter, bidirectional traffic, which includes nearly all TCP and UDP connections, needs separate rules for the inbound and outbound directions.
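To illustrate the top-down evaluation and the paired inbound and outbound rules described above, here is an added example (not 3Com's rule syntax or code from the product): a generic first-match packet filter in Python. The `Rule` and `Packet` types, the sample addresses and the implicit default deny are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to the protected host
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:              # hypothetical rule shape, not the EFW's own format
    action: str          # "allow" or "deny"
    direction: str
    proto: str
    src: str             # CIDR
    sports: range
    dst: str             # CIDR
    dports: range

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction and self.proto == p.proto
                and ip_address(p.src) in ip_network(self.src)
                and p.sport in self.sports
                and ip_address(p.dst) in ip_network(self.dst)
                and p.dport in self.dports)

def evaluate(policy, packet):
    """Read the policy top down; the first matching rule decides."""
    for rule in policy:
        if rule.matches(packet):
            return rule.action
    return "deny"  # assumed implicit default when nothing matches

HOST, ANY = "10.1.1.20/32", "0.0.0.0/0"   # constructed sample addresses
EPHEMERAL, HTTPS = range(1024, 65536), range(443, 444)

# Outbound rule only: requests leave, but nothing admits the replies.
outbound_only = [Rule("allow", "out", "tcp", HOST, EPHEMERAL, ANY, HTTPS)]
# A mirrored inbound rule is what makes the connection bidirectional.
bidirectional = outbound_only + [Rule("allow", "in", "tcp", ANY, HTTPS, HOST, EPHEMERAL)]
# Order matters: a deny placed above the allow wins for traffic it matches.
deny_first = [Rule("deny", "out", "tcp", HOST, EPHEMERAL, "192.0.2.0/24", HTTPS)] + bidirectional

request = Packet("out", "tcp", "10.1.1.20", 50000, "192.0.2.10", 443)
reply = Packet("in", "tcp", "192.0.2.10", 443, "10.1.1.20", 50000)
```

Without connection state, the mirrored inbound rule is broader than the replies it is meant to admit: it matches any inbound TCP packet from source port 443 to a high port on the host, which is worth keeping in mind when reviewing such rule pairs.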