A Zone is a logical grouping of ports/physical interfaces and/or virtual subinterfaces if defined.

Zones provide a flexible layer of security for the firewall. With the zone-based security, the administrator can group similar ports and apply the same policies to them, instead of having to write the same policy for each interface.

Default - Zone Types

LAN – Depending on the device in use and network design, one can group one to six physical ports in this zone. Group multiple interfaces with different network subnets to manage them as a single entity. Group all the LAN networks under this zone.

By default the traffic to and from this zone is blocked and hence the highest secured zone. However, traffic between ports belonging to the same zone will be allowed.

DMZ (DeMilitarized Zone) - This zone is normally used for publicly accessible servers. Depending on the device in use and network design, one can group one to five physical ports in this zone.

WAN - This zone is used for Internet services. It can also be referred as Internet zone.

VPN - This zone is used for simplifying secure, remote connectivity. It is the only zone that does not have an assigned physical port/interface. Whenever the VPN connection is established, port/interface used by the connection is automatically added to this zone and on disconnection; port is automatically removed from the zone. Like all other default zones, scanning and access policies can be applied on the traffic for this zone.

Local– Entire set of physical ports available on your device including their configured aliases are grouped in LOCAL zone. In other words, IP addresses assigned to all the ports fall under the LOCAL zone.

To manage zones, go to System Management > Device Settings > Dynamic Objects > Zone.