Access Zones

In This Section: Trusted Zone Changing the Access Zones Policy Network Objects

Access Zones lets you create security zones for use in Firewall. Configure Access Zones before configuring Firewall.

There are two predefined Access Zones:

• The Internet Zone
• The Trusted Zone

Network locations not placed in the Trusted Zone automatically belong to the Internet Zone.

Note: Access Zones rules are computer-centric (and not user-centric).

Trusted Zone

The Trusted Zone contains network objects that are trusted. Configure the Trusted Zone to include only those network objects with which your programs must interact.

Note - Objects not placed in the Trusted Zone are placed automatically in the Internet Zone.

SmartEndpoint contains an initial Access Zones policy. In the initial policy, these network elements are included in the Trusted Zone:

• All_Internet

  This object represents all legal IP addresses. In the initial policy, all IP addresses on the Internet are trusted. However, the Access Zones policy is not a policy that is enforced by itself but only as a component of the Firewall policy.

• LocalMachine_Loopback

  Endpoint computer's loopback address: 127.0.0.1. The Endpoint must always have access to its own loopback address.

Note - Endpoint users must not run software that changes or hides the local loopback address, for example personal proxies that enable anonymous internet surfing.

Objects in the Trusted Zone

Think about adding these objects to your Trusted Zone:

• Remote host computers accessed by your programs (if not included in the subnet definitions for the corporate network)
• Corporate WANs accessed by your programs
• Endpoint Security Management Server
• Domain name servers
• Mail servers
• Domain controllers
• File servers
• Print servers
• VPN gateway address range
• Internet gateways
• Local subnets
• Security servers (for example, RADIUS, ACE, or TACACS servers)
• Other IP addresses or IP ranges to which access is allowed or denied.