SonicWALL E6500 manual An Introduction to Zones and Interfaces, Creating Network Access Rules


An Introduction to Zones and Interfaces

Zones split a network infrastructure into logical areas, each with its own set of usage rules, security services, and policies. Most networks include multiple definitions for zones, including those for trusted, untrusted, public, encrypted, and wireless traffic.

Some basic (default) zone types include:

WAN - Untrusted resources outside your local network

LAN - Trusted local network resources

WLAN - Local wireless network resources originating from SonicWALL wireless-enabled appliances such as SonicPoints

DMZ - Local network assets that must be accessible from the WAN zone (such as Web and FTP servers)

VPN - Trusted endpoints in an otherwise untrusted zone, such as the WAN

The security features and settings configured for a zone are enforced by binding the zone to one or more physical interfaces (such as X0, X1, or X2) on the SonicWALL UTM appliance.

The X1 and X0 interfaces are preconfigured as WAN and LAN respectively. The remaining ports can be configured to meet the needs of your network, either by using basic zone types (WAN, LAN, WLAN, DMZ, VPN) or configuring a custom zone type to fit your network requirements (for example: Gaming Console Zone, Wireless Printer Zone, Wireless Ticket Scanner Zone).

Creating Network Access Rules

A Zone is a logical grouping of one or more interfaces designed to make management, such as the definition and application of access rules, a simpler and more intuitive process than following a strict physical interface scheme.

By default, the SonicWALL security appliance’s stateful packet inspection allows all communication from the LAN to the Internet, and blocks all traffic from the Internet to the LAN. The following behaviors are defined by the “Default” stateful inspection packet access rule enabled in the SonicWALL security appliance:

| Originating Zone | Destination Zone | Action |
|------------------|------------------|--------|
| LAN, WLAN        | WAN, DMZ         | Allow  |
| DMZ              | WAN              | Allow  |
| WAN              | DMZ              | Deny   |
| WAN and DMZ      | LAN or WLAN      | Deny   |
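The default behaviors above can serve as a baseline when reviewing custom access rules. The following is an added example, not code from the SonicWALL guide: it encodes the default table and flags custom rules that allow traffic the default would deny. The X2 and X3 zone bindings, the rule record format, and the rule names are assumptions made for illustration.

```python
# Added example: the default zone-to-zone behaviors from the table above,
# used to audit custom access rules. Rule records are constructed samples.

DEFAULT_POLICY = {}
for src in ("LAN", "WLAN"):
    for dst in ("WAN", "DMZ"):
        DEFAULT_POLICY[(src, dst)] = "allow"
DEFAULT_POLICY[("DMZ", "WAN")] = "allow"
DEFAULT_POLICY[("WAN", "DMZ")] = "deny"
for src in ("WAN", "DMZ"):
    for dst in ("LAN", "WLAN"):
        DEFAULT_POLICY[(src, dst)] = "deny"

# X0 = LAN and X1 = WAN are the preconfigured bindings; X2 and X3 are assumed.
INTERFACE_ZONE = {"X0": "LAN", "X1": "WAN", "X2": "DMZ", "X3": "WLAN"}

def default_action(src_if, dst_if):
    """Default action between two interfaces; None if the table has no row."""
    return DEFAULT_POLICY.get((INTERFACE_ZONE[src_if], INTERFACE_ZONE[dst_if]))

def audit_rules(rules):
    """Return findings for custom rules that allow what the default denies."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue  # a deny rule never loosens the default posture
        src, dst = INTERFACE_ZONE[rule["src_if"]], INTERFACE_ZONE[rule["dst_if"]]
        if DEFAULT_POLICY.get((src, dst)) != "deny":
            continue
        # Any-service openings toward a trusted zone deserve the closest review.
        severity = "high" if rule["service"] == "any" else "review"
        findings.append((rule["name"], f"{src}->{dst}", severity))
    return findings

# Constructed sample rules (hypothetical names and format, not a SonicOS export).
SAMPLE_RULES = [
    {"name": "publish-web", "src_if": "X1", "dst_if": "X2", "service": "HTTPS", "action": "allow"},
    {"name": "vendor-access", "src_if": "X1", "dst_if": "X0", "service": "any", "action": "allow"},
    {"name": "block-guest-ftp", "src_if": "X3", "dst_if": "X1", "service": "FTP", "action": "deny"},
    {"name": "dmz-to-db", "src_if": "X2", "dst_if": "X0", "service": "SQL", "action": "allow"},
]

if __name__ == "__main__":
    for name, zones, severity in audit_rules(SAMPLE_RULES):
        print(f"{severity:6} {zones:10} {name}")
```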

 

 

 
