seadave
New Member
May 21, 2019
Question

IPv4 ACLs in FOS 6.X

We have started using these as a front line of defense before all other inbound policies.  My understanding is these are MORE explicit.  So if you say DENY inbound from WAN from ALL to ALL for port 3389 it will be more inclusive as it relates to the attack surface of the device than creating a normal policy with the same constraints?  In other words, using a normal policy might leave some of the mgmt ports exposed to probing on that port?  The only downside is that there appears to be no logging so we lose the ability to monitor volume of the drops other than the packet count shown in the GUI.


Am I using this properly?  How are others using the IPv4 ACL feature if at all?


https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-firewall/Policy%20Configuration/IPv4%20Access%20Control%20List.htm?Highlight=Access%20Control%20List


The docs say how; it would be good to know "when and why."
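As an added configuration example (not part of the original post and not taken from the linked Fortinet documentation), here are the two constructs the question contrasts, written in FortiOS 6.0 CLI syntax: an IPv4 ACL that drops inbound TCP/3389 on the WAN interface, followed by an ordinary deny policy for the same traffic with traffic logging turned on, which is the visibility the post notes the ACL lacks. The interface name `wan1` and the policy name are assumptions; `RDP` is the predefined FortiOS service object for TCP/3389.

```fortios
# Added example, not from the original post. Interface name "wan1" is assumed.

# 1) IPv4 ACL: evaluated ahead of the regular policy table, drops matching
#    packets on ingress. Provides only a hit counter, no traffic log.
config firewall acl
    edit 1
        set status enable
        set comments "Drop inbound RDP probes at the edge (ACL, counter only)"
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "RDP"
    next
end

# 2) Equivalent deny in the regular policy table. Kept in addition to the ACL
#    so that denied sessions are logged and can be graphed and alerted on.
#    Place this policy above any permissive WAN-inbound policy.
config firewall policy
    edit 0
        set name "Deny-WAN-Inbound-RDP-Logged"   # policy name is an assumption
        set srcintf "wan1"
        set dstintf "any"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "RDP"
        set logtraffic all
    next
end
```

With both in place, packets that reach the policy table are those the ACL did not already drop, so the logged policy reports only what slipped past the ACL (for example, if the ACL is disabled or edited); comparing the ACL's packet counter in the GUI with the policy's log volume over time is a cheap way to verify that the ACL is actually the layer doing the dropping.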