A subgroup's policy can inherit only the firewall rules that are enabled in the parent group. When you have inherited the rules, you can disable them, but you cannot modify them. As the new rules are added to the parent group's policy, the new rules are automatically added to the inheriting policy.

When the inherited rules appear in the Rules list, they are shaded in purple. Above the blue line, the inherited rules are added above the rules that you created. Below the blue line, the inherited rules are added below the rules that you created.

A Firewall policy also inherits default rules, so the subgroup's Firewall policy may have two sets of default rules. You may want to delete one set of default rules.

If you want to remove the inherited rules, you remove the inheritance rather than delete them. You have to remove all the inherited rules rather than the selected rules.

The firewall processes inherited firewall rules in the Rules list as follows:

Figure: An example of how firewall rules inherit from each other shows how the Rules list orders rules when a subgroup inherits rules from a parent group. In this example, the Sales group is the parent group. The Europe Sales group inherits from the Sales group.

Figure: An example of how firewall rules inherit from each other

See Managing firewall rules

See Adding inherited firewall rules from a parent group.