Networking
Configuring Zones
Cisco ISA500 Series Integrated Security Appliances Administration Guide 148
STEP 1 To add a new zone, click Add. To edit an entry, click the Edit (pencil) icon.
Other options: To delete an entry, click the Delete (x) icon. To delete multiple
entries, check them and click Delete.
NOTE: Predefined zones, except for the VOICE zone, cannot be deleted. For
predefined zones (except for the VPN and SSLVPN zones), only the associated
ports and VLANs can be edited.
STEP 2 Enter the following information:
- Name: Enter the name for the zone.
- Security Level: Specify the security level for the zone.
  - For VLANs, all security levels are selectable.
  - For DMZs, choose Public (50).
  - For WAN ports, choose Untrusted (0).
- Map interfaces to this zone: Choose the existing VLANs or WAN ports from
  the Available Interfaces list and click the right arrow to add them to the
  Mapped to Zone list. Up to 16 VLANs can be mapped to a zone.
STEP 3 Click OK to save your settings and close the pop-up window.
STEP 4 Click Save to apply your settings.
NOTE Next steps:
- After you create a new zone, a number of firewall rules are automatically
  generated to permit or block traffic from the new zone to other zones or
  from other zones to the new zone. The permit or block action is determined
  by the security level of the new zone. By default, the firewall prevents
  all inbound traffic and allows all outbound traffic. To customize firewall
  rules for the new zone, go to the Firewall > Access Control > ACL Rules
  page. For information on configuring firewall rules, see Configuring
  Firewall Rules to Control Inbound and Outbound Traffic, page 252.
- If you enable security services such as Intrusion Prevention (IPS),
  Anti-Virus, and Application Control on the security appliance, apply them
  on the zones. For complete details, see Chapter 7, "Security Services."
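
The constraints in STEP 2 and the automatic rule generation described in the note above, as an added example (not from the Cisco guide or the appliance): a pre-change check of a planned zone list before it is entered in the GUI. The kind labels, the sample plan, and the rule that traffic is permitted only from a higher to a lower security level are assumptions; confirm the generated rules on the Firewall > Access Control > ACL Rules page.

```python
from dataclasses import dataclass, field

PUBLIC, UNTRUSTED = 50, 0    # security levels named in STEP 2
MAX_VLANS_PER_ZONE = 16      # STEP 2: up to 16 VLANs per zone

@dataclass
class Zone:
    name: str
    level: int
    kind: str                # "vlan", "dmz" or "wan" (labels assumed for this example)
    vlans: list = field(default_factory=list)

def lint_zone(z):
    """Return findings for one planned zone; an empty list means it passes."""
    out = []
    if not z.name.strip():
        out.append("zone has no name")
    if z.kind == "dmz" and z.level != PUBLIC:
        out.append(f"{z.name}: DMZ must be Public (50), plan says {z.level}")
    if z.kind == "wan" and z.level != UNTRUSTED:
        out.append(f"{z.name}: WAN port must be Untrusted (0), plan says {z.level}")
    if len(z.vlans) > MAX_VLANS_PER_ZONE:
        out.append(f"{z.name}: {len(z.vlans)} VLANs mapped, limit is {MAX_VLANS_PER_ZONE}")
    return out

def default_action(src, dst):
    # ASSUMPTION: auto-generated rules permit only higher -> lower security level.
    return "permit" if src.level > dst.level else "block"

def review(plan, new_zone):
    """Lint the plan and list zone pairs whose default rule would permit traffic
    to or from new_zone, i.e. the rules worth checking after Save."""
    findings = [f for z in plan for f in lint_zone(z)]
    new = next(z for z in plan if z.name == new_zone)
    permits = [(s.name, d.name) for s in plan for d in plan
               if s is not d and new in (s, d) and default_action(s, d) == "permit"]
    return findings, permits

# Constructed sample plan; zone names, level 100 and VLAN names are illustrative.
PLAN = [
    Zone("LAN", 100, "vlan", [f"VLAN{i}" for i in range(1, 18)]),  # 17 VLANs
    Zone("SERVERS", 75, "dmz"),                                    # wrong level
    Zone("WAN1", 0, "wan"),
]

if __name__ == "__main__":
    findings, permits = review(PLAN, "SERVERS")
    for f in findings:
        print("FINDING:", f)
    for src, dst in permits:
        print(f"default permit: {src} -> {dst}")
```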