Networking
Configuring Zones
Cisco ISA500 Series Integrated Security Appliances Administration Guide
Untrusted (0): Offers the lowest level of trust. It is used by both the WAN
and the virtual multicast zones. You can map the WAN port to an untrusted
zone.
Predefined Zones
The security appliance predefines the following zones with different security
levels:
WAN: The WAN zone is an untrusted zone. By default, the WAN1 port is
mapped to the WAN zone. If the secondary WAN (WAN2) is applicable, it
can be mapped to the WAN zone or any other untrusted zone.
LAN: The LAN zone is a trusted zone. You can map one or multiple VLANs to
a trusted zone. By default, the DEFAULT VLAN is mapped to the LAN zone.
DMZ: The DMZ zone is a public zone used for the public servers that you
host in the DMZ networks.
SSLVPN: The SSLVPN zone is a virtual zone used for simplifying secure and
remote SSL VPN connections. This zone does not have an assigned
physical port.
VPN: The VPN zone is a virtual zone used for simplifying secure IPsec VPN
connections. This zone does not have an assigned physical port.
GUEST: The GUEST zone can only be used for guest access. By default,
the GUEST VLAN is mapped to this zone.
VOICE: The VOICE zone is a security zone designed for voice traffic. Traffic
entering and leaving this zone is optimized for voice operations.
If you have voice devices, such as Cisco IP phones, it is desirable to place
them in the VOICE zone.
Configuring Zones
This section describes how to configure the zones on the security appliance. You
can restore the zone configuration to the factory default settings, edit the settings
of the predefined zones (except for the VPN and SSLVPN zones), or customize
new zones for your specific business needs.
NOTE You can click Reset to restore your zone configuration to the factory default
settings. All custom zones will be removed and the settings relevant to these
custom zones will be cleaned up after you perform this operation.