Device Configuration : Configure : Network : Zones
The Zone page displays a list of all zones, including system zones, and lets the administrator manage them.
A zone is a logical grouping of ports/physical interfaces and/or virtual sub-interfaces, if defined.
Zones provide a flexible layer of security for the firewall. With zone-based security, the administrator can group similar ports and apply the same policies to them, instead of having to write the same policy for each interface.
Default Zone Types
LAN - Depending on the device in use and the network design, one to six physical ports can be grouped in this zone. Multiple interfaces with different network subnets can be grouped so that they are managed as a single entity. Group all the LAN networks under this zone.
By default, traffic to and from this zone is blocked, which makes it the most secure zone. However, traffic between ports belonging to the same zone is allowed.
DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the device in use and the network design, multiple physical ports can be grouped in this zone.
WAN - This zone is used for Internet services. It is also referred to as the Internet zone.
VPN - This zone is used for simplifying secure, remote connectivity. It is the only zone that does not have an assigned physical port/interface. Whenever a VPN connection is established, the port/interface used by the connection is automatically added to this zone; on disconnection, the port is automatically removed from the zone. As with all other default zones, scanning and access policies can be applied to the traffic for this zone.
WiFi - This zone is used for wireless Internet services.
The device is shipped with a single zone each for LAN, WAN, DMZ, VPN and WiFi. These zones are called System Zones. The administrator can add zones of the LAN and DMZ types.
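
The following Python sketch is an added example, not part of the original documentation or the device's software. It models how a single zone-pair rule covers every port in a zone and how the VPN zone gains and loses its interface with the connection. The class, its methods and the names PortA, PortB, PortC and tun0 are hypothetical; dropping traffic between zones that have no rule, and allowing intra-zone traffic for zones other than LAN, are assumptions of the model.

```python
# Simplified model of zone-based policy lookup (added example, not vendor code).
SYSTEM_ZONES = ("LAN", "WAN", "DMZ", "VPN", "WiFi")

class ZoneFirewall:
    def __init__(self):
        self.members = {zone: set() for zone in SYSTEM_ZONES}
        self.allowed = set()  # (source zone, destination zone) pairs

    def zone_of(self, iface):
        return next((z for z, m in self.members.items() if iface in m), None)

    def bind(self, zone, iface):
        # The VPN zone has no assigned port; it changes only with connections.
        if zone == "VPN":
            raise ValueError("VPN zone membership is automatic")
        if self.zone_of(iface) is not None:
            raise ValueError(f"{iface} is already in zone {self.zone_of(iface)}")
        self.members[zone].add(iface)

    def vpn_up(self, iface):
        self.members["VPN"].add(iface)

    def vpn_down(self, iface):
        self.members["VPN"].discard(iface)

    def permit(self, src_zone, dst_zone):
        self.allowed.add((src_zone, dst_zone))

    def decide(self, src_iface, dst_iface):
        src, dst = self.zone_of(src_iface), self.zone_of(dst_iface)
        if src is None or dst is None:
            return "drop"    # assumption: an interface in no zone matches no policy
        if src == dst:
            return "accept"  # stated for LAN on the page; assumed for other zones
        return "accept" if (src, dst) in self.allowed else "drop"

def demo():
    fw = ZoneFirewall()
    for zone, port in (("LAN", "PortA"), ("LAN", "PortB"), ("WAN", "PortC")):
        fw.bind(zone, port)
    out = {"lan_to_wan_default": fw.decide("PortA", "PortC"),
           "lan_to_lan": fw.decide("PortA", "PortB")}
    fw.permit("LAN", "WAN")  # one zone rule covers every LAN port
    out["after_rule"] = [fw.decide(p, "PortC") for p in ("PortA", "PortB")]
    out["wan_to_lan"] = fw.decide("PortC", "PortA")
    fw.permit("VPN", "LAN")
    out["vpn_before"] = fw.decide("tun0", "PortA")
    fw.vpn_up("tun0")        # connection established: interface joins the VPN zone
    out["vpn_connected"] = fw.decide("tun0", "PortA")
    fw.vpn_down("tun0")      # disconnection: interface leaves the VPN zone
    out["vpn_after"] = fw.decide("tun0", "PortA")
    return out
```

The VPN-to-LAN rule exists the whole time in this model; only the zone membership of tun0 changes, which is why the same lookup gives a different answer before, during and after the connection.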