A policy defines which way traffic will be filtered. It may also define user account settings, such as authentication type, disk quota, and access to webmail.
After creating the antispam, antivirus, content, authentication, TLS, or resource profiles (see
“Configuring profiles”), you need to apply them to policies for them to take effect.