A zone is a grouping of interfaces. Zones also specify the services that can be used to administer devices and authenticate users. When used with firewall rules, zones provide a convenient method of managing security and traffic for a group of interfaces.

Table 1. Default zones



LAN Groups interfaces with different network subnets so that you can manage them as a single entity. By default, traffic to and from this zone is blocked. To allow traffic between two LAN zone interfaces a LAN to LAN firewall rule is required.

(De-militarized zone) Typically used for publicly accessible server networks such as web servers.


Used for all interfaces with a default gateway. Most likely used for internet access.


Automatically created interfaces used by IPsec or SSL VPN connections. When a VPN connection is created, the interface used by the connection is automatically added to this zone.


Use for wireless internet services when a separate zone is configured. Bridge to AP LAN and Bridge to VLAN will not use a dedicated interface.