All traffic not specifically allowed by a security policy that you create is blocked by the Implicit policy listed at the bottom of the Policy > Policy > Policy page.

You cannot delete this policy and you can edit the policy only to enable or disable logging of the traffic that it handles.