Networking
Cisco ISA500 Series Integrated Security Appliances Administration Guide
Configuring Zones
Use the Networking > Zones page to configure a security zone, which is a group of
interfaces to which a security policy can be applied. The interfaces in a zone share
common functions or features. For example, two interfaces that are connected to
the local LAN might be placed in one security zone, and the interfaces connected
to the Internet might be placed in another security zone.
The interfaces are IP-based interfaces (VLANs, WAN1, WAN2, and so forth). Each
interface can join only one zone, but a zone, which has a specific security level,
can contain multiple interfaces.
Refer to the following topics:
Security Levels for Zones
Predefined Zones
Configuring Zones
NOTE: We recommend that you configure the zones before you configure WAN, VLAN,
DMZ, zone-based firewall, and security services.

Security Levels for Zones

The security level for the zone defines the level of trust given to that zone. The
security appliance supports five security levels for the zones as described below.
The greater the value, the higher the permission level. The predefined VPN and
SSLVPN zones have the same security level.
Trusted (100): Offers the highest level of trust. The LAN zone is always trusted.
VPN (75): Offers a higher level of trust than a public zone, but a lower level of trust than a trusted zone. This level is used exclusively by the predefined VPN and SSLVPN zones. All traffic to and from a VPN zone is encrypted.
Public (50): Offers a higher level of trust than a guest zone, but a lower level of trust than a VPN zone. The DMZ zone is a public zone.
Guest (25): Offers a higher level of trust than an untrusted zone, but a lower level of trust than a public zone. Guest zones can only be used for guest access.
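A zone plan can be checked against these rules before it is entered on the Networking > Zones page. The following Python sketch is an added example, not part of the Cisco guide or the appliance software; the plan layout, the function name lint_zone_plan, and the sample zone and VLAN names are assumptions made for illustration.

```python
# Added example: lint a zone plan against the rules stated in this section.
# Security level values as listed on this page.
TRUSTED, VPN, PUBLIC, GUEST = 100, 75, 50, 25
# Predefined zones whose level this section fixes.
FIXED_LEVELS = {"LAN": TRUSTED, "DMZ": PUBLIC, "VPN": VPN, "SSLVPN": VPN}


def lint_zone_plan(plan):
    """Return sorted findings for plan = {zone: {"level": int, "interfaces": [...]}}."""
    findings = []
    owner = {}  # interface -> first zone that claimed it
    for zone, cfg in plan.items():
        level = cfg["level"]
        # LAN is always trusted, DMZ is public, VPN and SSLVPN share one level.
        if zone in FIXED_LEVELS and level != FIXED_LEVELS[zone]:
            findings.append(f"{zone}: level {level}, expected {FIXED_LEVELS[zone]}")
        # Level 75 is used exclusively by the predefined VPN and SSLVPN zones.
        if level == VPN and zone not in ("VPN", "SSLVPN"):
            findings.append(f"{zone}: level {VPN} is reserved for VPN and SSLVPN")
        # Each interface can join only one zone.
        for iface in cfg["interfaces"]:
            if iface in owner:
                findings.append(f"{iface}: in both {owner[iface]} and {zone}")
            else:
                owner[iface] = zone
    return sorted(findings)


# Constructed sample plan; PARTNER, GUEST-WIFI and the VLAN names are hypothetical.
SAMPLE_PLAN = {
    "LAN": {"level": 100, "interfaces": ["VLAN1", "VLAN10"]},
    "DMZ": {"level": 100, "interfaces": ["VLAN20"]},      # wrong: DMZ is public
    "VPN": {"level": 75, "interfaces": []},
    "SSLVPN": {"level": 75, "interfaces": []},
    "PARTNER": {"level": 75, "interfaces": ["VLAN30"]},   # wrong: 75 is reserved
    "GUEST-WIFI": {"level": 25, "interfaces": ["VLAN40", "VLAN10"]},  # VLAN10 reused
}

if __name__ == "__main__":
    for finding in lint_zone_plan(SAMPLE_PLAN):
        print(finding)
```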