Please clarify IPS Policies?

Question

I see these 10 IPS Policies available with very minimal description for what they do, what situation they apply to, and their relative “strengths”. I assume strict is stronger than general. 
 1. DMZ TO LAN 
 2. DMZ TO WAN 
 3. LAN TO DMZ 
 4. LAN TO WAN 
 5. WAN TO DMZ 
 6. WAN TO LAN 
 7. generalpolicy 
 8. lantowan strict policy 
 9. lantowan general policy 
 10. dmzpolicy 
 Are the Policies directionally dependent , meaning LAN to WAN differs from WAN to LAN? How? I have seen other posts saying the source and destination Zones do not matter as the reverse traffic is also checked according to the policy. Is this true, which would imply LAN to WAN and WAN to LAN are identical? 
 Do I need two firewall rules one applying WAN TO LAN and the other LAN TO WAN? 
 What is the difference between lantowan general policy and LAN to WAN? 
 What is the security level of generalpolicy relative to the others? 
 The Wizard created a default firewall rule using generalpolicy. Does that mean it is “good enough” for general use? 
 I have one web server in LAN exposed by a DNAT rule and chose to apply WAN TO LAN in that rule; however, I don’t know if that is the best choice. Is it actually doing anything with generalpolicy in the preceeding firewall rule? 
 I have seen several posts saying descriptions of these policies would be forthcoming, but I can’t find such a thing. I hope someone can and will do it in response.

Billybob · Answer

Older post but I will chime in. XG documentation leaves a lot of things half explained but it is really not that difficult. All the uppercase rules are templates with predefined rules already built in and you cannot edit them. Lower case rules let you fine tune the rules and there are a few general purpose policies already provided for most users that want to edit them. 
 In addition to what @steve foote already explained, I will try to answer in order of your questions above. 
 A snort (IPS) rule is written for external or internal interface most of the time so some policies are direction dependent. Zones have nothing to do with IPS as policies are applied on the interface hardware. So in general, LAN to WAN traffic rules include rules that affect your clients software in an effort to police what your client is communicating with the internet. A virus trying to send packets out to the internet would be blocked by a LAN to WAN policy for example. 
 WAN to LAN is used for servers mostly. This means that if you are running a web server or a mail server, you want to enable WAN to LAN rule on your business firewall rules. If you don't have a server in your LAN than it doesn't make much sense to scan for traffic for IIS since the firewall will block any unwanted traffic to port 80 anyway. 
 You do not need two IPS rules one for LAN to WAN and another for WAN to LAN. Most people will only need LAN to WAN rules period. Only people that need WAN to LAN are the ones that are running servers and have business rules opening incoming ports. 
 Lan to wan general policy is editable policy designed by sophos that monitors/blocks critical flaws in windows and linux browser/ftp/dns/Reconnaissance and malware communications. LAN to WAN is a template that you can use to create your own rules and modify them or use the template as it exists in a firewall rule. The template includes all the lan to wan general policy rules and also includes lower priority alerts and alerts for industrial control /ERP systems etc that you generally don't need in most environments. 
 General policy is good enough for general use. However I create my own policies most of the time since I don't have any linux boxes for web surfing so doesn't make sense to scan that traffic. 
 General policy will not protect your web server. You will need to use either WAN to LAN rule or create your own that scans the type of server you are running. For example you don't need to scan IIS traffic if you are running apache.

Steve Foote · Answer

Ok, I'll take a stab at this. 
 First off, let's look at the first six default IPS policies. If you open them, you will see that each policy contains filtered groups of policy rules based upon criteria which apply to the role of the policy. For example, the LAN TO WAN IPS policy contains groups of rules which would apply to clients on a LAN, whereas the WAN TO LAN IPS policy contains groups of rules which apply to servers on the LAN. Same for each of the others. Basically, pick the default IPS rule which best applies to the type of firewall rule you are using. 
 As far as the custom rules are concerned, it is my belief that they are all exactly the same. I deleted all of them for the sake of neatness. The only reason to create a custom IPS policy is to select a sub-set of IPS policy rules you may want to apply to a specific firewall rule. Most installations won't require this level of customization.