Policy was discussed in in terms of a service access policy and a firewall design policy. This section discusses these policies in relationship to overall site policy, and offers guidance on how to identify needs, risks, and then policies.
Policy decisions regarding the use of firewall technology should be made in conjunction with the policy decisions needed to secure the whole site. This includes decisions concerning host systems security, dial-in access, off-site Internet access, protection of information off-site, data communications security and others. A stand-alone policy concerning only the firewall is not effective; it needs to be incorporated into a strong site security policy. Refer to [RFC1244] for information on creating a site security policy geared towards the needs of Internet sites.