After what feels like a lot of studying and a lot of lab practice. I still don't get one basic concept that is currently on my mind. I have a client situation that I am configuring that this question pertains to, so that's why I am motivated to get to the bottom of it.
I still don't get the basic difference or application between a filrewall filter and a policy. It seems that you can put basically the same configuration in either place and they can both be applied to interfaces, ingress and egress. I know this is probably not right, but: WHAT IS THE BASIC CONCEPTUAL DIFFERENCE BETWEEN FIREWALL AND POLICY? I hope it is something beyond, 'well, that just were your supposed to put that kind of thing".
I completely watched and studied and applied the two JNCIA CBTNuggets videos courses (over 45 videos total) I have configured every example in these courses in my lab. But I have a vague vacumm in my mind when I grasp for a distinction that stands clear between firewall filters and policies beyond that these are two places to put stuff in the configuration. I mean you can filter stuff under both parts of the configuration, right?
Can someone give me a good analogy that might stick in my mind. They seem to wash together in some kind of ambivalent confusion.
MUCH APPRECIATED
robin hood