The USG uses an object-oriented approach. Simply stated, you need to create address objects for all IP addresses (as hosts), or ranges of IP addresses. If you have services that don't already exist on the list, then you need to create those too, as service objects.
Now on the USG you can create GROUP address objects and GROUP service objects, and you can then use these GROUP items in your firewall rules.
Policy rules are mainly designed to allow internet users access to the internet (external access). In most cases policy routes are not required because the router creates them by default (not visible). If you have two ISPs, do load balancing, VPNs, and other funky stuff, policy routes come into play.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"