Configuring Security Zones
Security Zones let you create a strong Firewall policy that controls the traffic between parts of the network.
A Security Zone object represents a part of the network (for example, the internal network or the external network).
There are two types of Security Zones:
-
Trusted Zone - The Trusted Zone contains network objects that are trusted. Configure the Trusted Zone to include only those network objects with which your programs must interact. You can add and remove network objects from a Trusted Zone. A device can only have one Trusted Zone. This means that if the Firewall policy has more than one rule, and more than one Trusted Zone applies to a device, only the last Trusted Zone is enforced.
These two network elements are defined as Trusted Zones by default:
-
All_Internet - This object represents all legal IP addresses.
- LocalMachine_Loopback - Endpoint device's loopback address: 127.0.0.1. The Endpoint device must always have access to its own loopback address. Endpoint users must not run software that changes or hides the local loopback address. For example, personal proxies that enable anonymous internet surfing.
-
-
Internet Zone - All objects that are not in the Trusted Zone are automatically in the Internet Zone.
Objects in the Trusted Zone:
These object types can be defined as Trusted Zones:
-
Hosts
-
Networks
-
Network Groups
-
Domains
-
Address Ranges