SonicWALL 5.8.1 Microscope & Magnifier User Manual


SonicOS 5.8.1 Administrator Guide
Chapter 18: Configuring Zones
Network > Zones
This section contains the following subsections:
“How Zones Work” on page 284
“The Zone Settings Table” on page 287
“Adding and Configuring Zones” on page 288
“Deleting a Zone” on page 289
“Configuring a Zone for Guest Access” on page 290
“Configuring the WLAN Zone” on page 293
A zone is a logical grouping of one or more interfaces designed to make management, such as
the definition and application of Access Rules, a simpler and more intuitive process than
following a strict physical interface scheme. Zone-based security is a powerful and flexible
method of managing both internal and external network segments, allowing the administrator
to separate and protect critical internal network resources from unapproved access or attack.
A network security zone is simply a logical method of grouping one or more interfaces with
friendly, user-configurable names, and applying security rules as traffic passes from one zone
to another zone. Security zones provide an additional, more flexible, layer of security for the
firewall. With zone-based security, the administrator can group similar interfaces and apply
the same policies to them, instead of having to write the same policy for each interface.
For more information on configuring interfaces, see “Network > Interfaces” on page 183.
SonicOS Enhanced zones allow you to apply security policies to the inside of the network. The
administrator does this by organizing network resources into different zones, and
allowing or restricting traffic between those zones. This way, access to critical internal
resources such as payroll servers or engineering code servers can be strictly controlled.
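The following Python sketch is an added illustration of the zone model described above; it is not SonicOS code or configuration. The interface names, zone names, services and the deny-when-no-rule-matches behavior are assumptions made for the example. It shows how a few zone-pair rules stand in for many per-interface rules.

```python
# Illustrative model of zone-based rule evaluation; not SonicOS code.
# Interface names, zone names and services are constructed sample data.
ZONE_OF_INTERFACE = {
    "X0": "Users", "X2": "Users", "X3": "Users",
    "X4": "Payroll",
    "X5": "Engineering",
}

# One entry per (source zone, destination zone) pair: the services allowed.
ZONE_RULES = {
    ("Users", "Engineering"): {"ssh", "https"},
    ("Users", "Payroll"): {"https"},
}


def evaluate(in_iface, out_iface, service,
             zones=ZONE_OF_INTERFACE, rules=ZONE_RULES):
    """Decide a flow by the zones of its ingress and egress interfaces."""
    src, dst = zones.get(in_iface), zones.get(out_iface)
    if src is None or dst is None:
        return "deny"  # interface not assigned to any zone
    # Assumption of this model: no matching zone-pair rule means deny.
    return "allow" if service in rules.get((src, dst), set()) else "deny"


def expand_to_interface_rules(zones=ZONE_OF_INTERFACE, rules=ZONE_RULES):
    """List the per-interface rules the zone rules stand in for."""
    expanded = []
    for (src, dst), services in rules.items():
        for i, zone_i in zones.items():
            for j, zone_j in zones.items():
                if zone_i == src and zone_j == dst:
                    expanded += [(i, j, s) for s in sorted(services)]
    return expanded


if __name__ == "__main__":
    for flow in [("X0", "X5", "ssh"), ("X2", "X4", "ssh"),
                 ("X5", "X4", "https"), ("X9", "X4", "https")]:
        print(flow, "->", evaluate(*flow))
    print(len(ZONE_RULES), "zone rules replace",
          len(expand_to_interface_rules()), "per-interface rules")
    # A new interface placed in Users inherits that zone's rules unchanged.
    grown = dict(ZONE_OF_INTERFACE, X6="Users")
    print(evaluate("X6", "X4", "https", zones=grown))
```

Adding an interface to a zone changes only the interface-to-zone mapping; the rule set itself stays the same.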
Zones also allow full exposure of the NAT table to allow the administrator control over the traffic
across the interfaces by controlling the source and destination addresses as traffic crosses
from one zone to another. This means that NAT can be applied internally, or across VPN