Chapter 5 Configuration Basics

5.2 Zones, Interfaces, and Physical Ports

Zones (groups of interfaces and VPN tunnels) simplify security settings. Here is an overview of zones, interfaces, and physical ports in the ZyWALL.

Figure 44 Zones, Interfaces, and Physical Ethernet Ports

Zones

WAN

OPT

LAN1

 

WLAN

DMZ

Interfaces

wan1

wan2

opt

lan1

 

ext-wlan

dmz

Physical Ports

P1

P2

P3

P4

P5

P6

P7

 

 

 

 

 

 

 

Table 22 Zones, Interfaces, and Physical Ethernet Ports

Zones

A zone is a group of interfaces and VPN tunnels. Use zones to apply security

(WAN, OPT, LAN1,

settings such as firewall, IDP, remote management, anti-virus, and application

WLAN, DMZ)

patrol. You can change the opt interface to be part of a different zone.

 

 

Interfaces

Interfaces are logical entities that (layer-3) packets pass through. Use

(Ethernet, VLAN,...)

interfaces in configuring VPN, zones, trunks, device HA, DDNS, policy routes,

 

static routes, HTTP redirect, and virtual server.

 

Port roles combine physical ports into interfaces called port groups.

 

 

Physical Ethernet

The physical port is where you connect a cable. In configuration, you use

Ports

physical ports when configuring port roles. You use interfaces and zones in

(P1~P7)

configuring other features.

 

 

5.2.1 Interface Types

There are many types of interfaces in the ZyWALL. In addition to being used in various features, interfaces also describe the network that is directly connected to the ZyWALL.

Ethernet interfaces are the foundation for defining other interfaces and network policies. You also configure RIP and OSPF in these interfaces.

Port groups are created when you use the Interface > Port Roles screen to set multiple physical ports to be part of the same (lan1, ext-wlan or dmz) interface. This creates a hardware connection between the physical ports at the layer-2 (data link, MAC address) level.

PPP interfaces support Point-to-Point Protocols (PPPoE or PPTP). ISP account settings are included.

Cellular interfaces are for 3G WAN connections via a connected 3G device.

WLAN interfaces are for wireless LAN (IEEE 802.11b/g) connections via an installed wireless LAN card.

VLAN interfaces recognize tagged frames. The ZyWALL automatically adds or removes the tags as needed. Each VLAN can only be associated with one Ethernet interface.

110

 

ZyWALL USG 100/200 Series User’s Guide