Chapter 17 Zones

17.1.2 What You Need to Know

Effects of Zones on Different Types of Traffic

Zones effectively divide traffic into three types (intra-zone traffic, inter-zone traffic, and extra-zone traffic), which are affected differently by zone-based security and policy settings.

Intra-zone Traffic

Intra-zone traffic is traffic between interfaces or VPN tunnels in the same zone. For example, in Figure 285 on page 377, traffic between VLAN 2 and the Ethernet is intra-zone traffic.

In each zone, you can either allow or prohibit all intra-zone traffic. For example, in Figure 285 on page 377, you might allow intra-zone traffic in the LAN zone but prohibit it in the WAN zone.

You can also set up firewall rules to control intra-zone traffic (for example, DMZ-to-DMZ), but many other types of zone-based security and policy settings do not affect intra-zone traffic.

Inter-zone Traffic

Inter-zone traffic is traffic between interfaces or VPN tunnels in different zones. For example, in Figure 285 on page 377, traffic between VLAN 1 and the Internet is inter-zone traffic. This is the normal case when zone-based security and policy settings apply.

Extra-zone Traffic

Extra-zone traffic is traffic to or from any interface or VPN tunnel that is not assigned to a zone. For example, in Figure 285 on page 377, traffic to or from computer C is extra-zone traffic.

Some zone-based security and policy settings may apply to extra-zone traffic, especially if you can set the zone attribute in them to Any or All. See the specific feature for more information.
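The three traffic types above, as an added illustration that is not part of the user's guide or ZyXEL's own code: a small Python model that classifies a flow by the zone membership of its two interfaces and then shows why a firewall rule naming a concrete zone never matches extra-zone traffic while a rule with the zone attribute set to Any does. The interface names, the rule-evaluation order (intra-zone block first, then first matching rule, then a default) and the default action are constructed assumptions for the example.

```python
from dataclasses import dataclass, field

ANY = "any"  # stands for the "Any"/"All" zone attribute in a firewall rule


@dataclass
class Rule:
    from_zone: str  # zone name or ANY
    to_zone: str    # zone name or ANY
    action: str     # "allow" or "deny"


@dataclass
class ZoneConfig:
    interface_zone: dict                                 # interface -> zone; unassigned interfaces are absent
    block_intra_zone: set = field(default_factory=set)   # zones whose intra-zone traffic is prohibited
    rules: list = field(default_factory=list)            # first matching rule wins (assumed)


def classify(cfg, src_if, dst_if):
    """Return 'intra', 'inter' or 'extra' for a flow from src_if to dst_if."""
    src, dst = cfg.interface_zone.get(src_if), cfg.interface_zone.get(dst_if)
    if src is None or dst is None:
        return "extra"  # at least one side belongs to no zone
    return "intra" if src == dst else "inter"


def decide(cfg, src_if, dst_if, default="deny"):
    """Assumed order: per-zone intra-zone block, then firewall rules, then default."""
    kind = classify(cfg, src_if, dst_if)
    src, dst = cfg.interface_zone.get(src_if), cfg.interface_zone.get(dst_if)
    if kind == "intra" and src in cfg.block_intra_zone:
        return "deny"
    for r in cfg.rules:
        # A named zone never matches an unassigned interface; only ANY does,
        # so extra-zone traffic is reached only by rules whose zone is Any/All.
        if r.from_zone in (ANY, src) and r.to_zone in (ANY, dst):
            return r.action
    return "allow" if kind == "intra" else default


# Constructed topology loosely following the text: VLAN 2 and the LAN Ethernet
# port share the LAN zone, the WAN zone has two ports (intra-zone traffic
# blocked there), and "opt1" (computer C's port) is assigned to no zone.
EXAMPLE = ZoneConfig(
    interface_zone={"vlan1": "LAN", "vlan2": "LAN", "lan1": "LAN",
                    "wan1": "WAN", "wan2": "WAN"},
    block_intra_zone={"WAN"},
    rules=[Rule("LAN", "WAN", "allow"), Rule(ANY, "WAN", "deny")],
)

if __name__ == "__main__":
    for s, d in [("vlan2", "lan1"), ("vlan1", "wan1"), ("opt1", "wan1"), ("wan1", "wan2")]:
        print(s, "->", d, classify(EXAMPLE, s, d), decide(EXAMPLE, s, d))
```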

Finding Out More

See Section 6.5.8 on page 107 for related information on these screens.

See Section 7.1 on page 119 for an example of configuring Ethernet interfaces, port groups, and zones.

378


ZyWALL USG 2000 User’s Guide