Security Zone

What can I do here?

Use this window to edit or create a security zone.

Getting Here

Object Explorer > New > Network Object > Security Zone

Security Zones

Security Zones let you create a strong Access Control Policy that controls the traffic between parts of the network.

A Security Zone object represents a part of the network (for example, the internal network or the external network). You assign a network interface of a Security Gateway to a Security Zone. You can then use the Security Zone objects in the Source and Destination columns of the Rule Base.

Use Security Zones to:

For example, in the diagram, we have three Security Zones for a typical network: ExternalZone (1), DMZZone (2) and InternalZone (3).

A Security Gateway interface can belong to only one Security Zone. Interfaces to different networks can be in the same Security Zone.

Workflow

  1. Define Security Zone objects. Or, use the predefined Security Zones.
  2. Assign Gateway interfaces to Security Zones.
  3. Use the Security Zone objects in the Source and Destination of a rule. For example:

    Source        | Destination  | VPN         | Service | Action
    InternalZone  | ExternalZone | Any Traffic | Any     | Accept

  4. Install the Access Control Policy.
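The workflow above as a simplified model, added here as an example (it is not Check Point code and does not use the product's API). It shows that an interface is bound to exactly one zone, that several interfaces can share a zone, and that the InternalZone to ExternalZone rule is directional. The interface names eth0 to eth3, the `ZoneMap`, `Rule` and `evaluate` names, and first-match evaluation are assumptions of the model.

```python
# Simplified model of zone-based rule matching (added example, not Check Point code).
from dataclasses import dataclass

ANY = "Any"


class ZoneMap:
    """Binds gateway interfaces to Security Zones, one zone per interface."""

    def __init__(self):
        self._zone_of = {}

    def assign(self, interface, zone):
        current = self._zone_of.get(interface)
        if current is not None and current != zone:
            raise ValueError(f"{interface} already belongs to {current}")
        self._zone_of[interface] = zone

    def zone_of(self, interface):
        return self._zone_of[interface]  # KeyError: interface has no zone


@dataclass(frozen=True)
class Rule:
    source: str
    destination: str
    action: str


def evaluate(rules, zones, in_if, out_if):
    """Return the action of the first rule whose Source and Destination match
    the zones of the ingress and egress interfaces of a new connection,
    or None when no rule matches."""
    src, dst = zones.zone_of(in_if), zones.zone_of(out_if)
    for rule in rules:
        if rule.source in (src, ANY) and rule.destination in (dst, ANY):
            return rule.action
    return None


def demo():
    zones = ZoneMap()
    # Constructed interface names; the zone names are the ones used on this page.
    zones.assign("eth0", "ExternalZone")
    zones.assign("eth1", "DMZZone")
    zones.assign("eth2", "InternalZone")
    zones.assign("eth3", "InternalZone")  # a second network in the same zone
    rules = [Rule("InternalZone", "ExternalZone", "Accept")]
    return zones, rules
```
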

Creating and Assigning Security Zones

Before you can use Security Zones in the Rule Base, you must assign Gateway interfaces to Security Zones.

To create a Security Zone:

  1. In the Objects bar (F11), click New > More > Network Object > Security Zone.

    The Security Zone window opens.

  2. Enter a name for the Security Zone.
  3. Enter an optional comment or tag.
  4. Click OK.

To assign an interface to a Security Zone:

  1. In the Gateways & Servers view, right-click a Security Gateway object and select Edit.

    The Gateway Properties window opens.

  2. In the Network Management pane, right-click an interface and select Edit.

    The Interface window opens. The Topology area of the General pane shows the Security Zone to which the interface is already bound. By default, the Security Zone is calculated according to where the interface Leads To.

  3. Click Modify.

    The Topology Settings window opens.

  4. In the Security Zone area, click User Defined and select Specify Security Zone.
  5. From the drop-down box, select a Security Zone.

    Or click New to create a new one.

  6. Click OK.

Predefined Security Zones

These are the predefined security zones, and their intended purposes: