> ## Documentation Index > Fetch the complete documentation index at: https://docs.polygon.technology/llms.txt > Use this file to discover all available pages before exploring further. # Guard Firewall > Ecosystem-level transaction review that evaluates every transaction against policies, threat simulations, and blacklists before allowing onchain execution. **Guard Firewall** is a review signer that evaluates transactions before they reach the chain. It enforces ecosystem policies, performs threat simulations, and can block or allow transactions by signing or withholding a **guard signature**. Ecosystem admins can maintain **blacklists** of malicious apps or contracts. For regulated financial products, the Guard Firewall provides a programmable policy layer between your application logic and onchain execution. ## Policy model Policies are configured per ecosystem and can include: * **App registration and blacklists**: only registered apps and origins may submit. Admins can blacklist apps or contracts. * **Risk thresholds**: block transactions that exceed a risk score returned by the simulator. * **Method and contract allowlists**: restrict which contracts and function selectors can be called. * **Spend limits and token rules**: cap per-interval outflows by token, recipient, or app. * **Emergency kill switch**: fail-closed mode that blocks all or specific scopes. ## Threat simulation Guard can perform real-time threat analysis on the transaction payload: calldata, value, state deltas. Based on the ecosystem configuration, Guard applies policy thresholds and signs or denies the transaction, or requires OTP confirmation. ## Blacklist controls * Admins can blacklist apps, origins, or contracts. Blacklists take precedence and cause immediate denials. * Lists are propagated to the Guard and cached with a short TTL. Updates are near-real-time. ## Implementation guidance * Require a **Guard signature** in your session or wallet policy so transactions cannot bypass review. * Register apps and origins in your ecosystem admin, define policies, and set risk thresholds. * Keep blacklists curated and respond quickly to incident intelligence.