Security Zone Configuration

A security zone is a section of the network which is associated with a port or VLAN. If you need to control the traffic between devices, the devices must be in separate security zones. Using the LSM, you can add, edit, or delete security zones.

Security zones enable you to logically segment your networks so that the device can apply firewall rules and IPS filters to control the traffic passing between the zones. Typically, each Ethernet port and VPN tunnel on the device is associated with one security zone, unless you use VLANs. If you configure VLANs, then a port can be in more than one security zone. For further information on Security Zones, refer to the Concepts Guide.

Traffic originating from or destined to devices in a zone is directed through the device and policed by firewall policies only if it passes to another zone. Traffic moving between devices within a given zone that you have defined (intra-zone traffic) does not pass through the device and is not subject to firewalling or IPS filtering; for example, a user in the LAN zone accessing the local LAN printer.

Devices in your network that communicate freely and do not require restricted access between them should be placed in the same zone.
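
The placement rule above can be checked against a device inventory before the zones are configured. The following Python sketch is an added example, not part of this guide or of the LSM; the zone, port, VLAN and device names are constructed, and keying zone membership by (port, VLAN) is an assumed way to model the association described above.

```python
from itertools import combinations

# Constructed sample data. Zone membership is keyed by (port, vlan);
# vlan None means an untagged port that belongs to exactly one zone.
ZONE_OF = {
    ("port1", None): "LAN",
    ("port2", None): "LAN",
    ("port3", 10): "DMZ",    # one port, two VLANs, two zones
    ("port3", 20): "GUEST",
}

# Constructed inventory: device -> (port, vlan) attachment point.
ATTACHED = {
    "workstation": ("port1", None),
    "printer": ("port2", None),
    "hr-db": ("port2", None),
    "web-server": ("port3", 10),
    "guest-ap": ("port3", 20),
}

# Pairs whose traffic must be controlled by firewall rules or IPS filters.
MUST_CONTROL = [("workstation", "hr-db"), ("guest-ap", "web-server")]


def zone_for(device):
    """Return the device's zone; fail loudly if its port/VLAN is unmapped."""
    attach = ATTACHED[device]
    if attach not in ZONE_OF:
        raise LookupError(f"{device}: {attach} is not assigned to a zone")
    return ZONE_OF[attach]


def is_policed(src, dst):
    """Only inter-zone traffic passes through the device and is policed."""
    return zone_for(src) != zone_for(dst)


def audit(must_control):
    """Pairs that need control but share a zone, so nothing inspects them."""
    return [(a, b, zone_for(a)) for a, b in must_control if not is_policed(a, b)]


def unfiltered_pairs():
    """Every device pair that can communicate with no firewall or IPS check."""
    pairs = combinations(ATTACHED, 2)
    return sorted(tuple(sorted(p)) for p in pairs if not is_policed(*p))


if __name__ == "__main__":
    for a, b, zone in audit(MUST_CONTROL):
        print(f"move {a} or {b}: both are in zone {zone}, traffic is unfiltered")
```

Here the audit flags workstation and hr-db, which share the LAN zone, while guest-ap and web-server are already separated because their VLANs on port3 map to different zones.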

In the LSM, you can view and manage Security Zones from the Security Zone page (Network > Configuration > Security Zones). From this page you can complete the following tasks:

View a summary of current configuration for all Security Zones

Create a Security Zone

Edit the configuration for a Security Zone

Delete a Security Zone

The following figure shows the Security Zones page.

Figure 6–5: Network: Security Zones Page

X Family LSM User’s Guide V 2.5.1
