SonicWALL 5.8.1 Microscope & Magnifier User Manual


Network > Zones
SonicOS 5.8.1 Administrator Guide
doorperson can also elect to force people to put on a costume before traveling to another room,
or to exit, or to another remote office. This hides the true identity of the person, masquerading
the person as someone else. This process can be thought of as the NAT policy.
Predefined Zones
The predefined zones on your SonicWALL security appliance depend on the device. The
predefined security zones on the SonicWALL security appliance are not modifiable and are
defined as follows:
WAN: This zone can consist of either one or two interfaces. If you’re using the security
appliance’s WAN failover capability, you need to add the second Internet interface to the
WAN zone.
LAN: This zone can consist of one to five interfaces, depending on your network design.
Even though each interface will have a different network subnet attached to it, when
grouped together they can be managed as a single entity.
DMZ: This zone is normally used for publicly accessible servers. This zone can consist of
one to four interfaces, depending on your network design.
VPN: This virtual zone is used for simplifying secure, remote connectivity. It is the only zone
that does not have an assigned physical interface.
MULTICAST: This zone provides support for IP multicasting, which is a method for sending
IP packets from a single source simultaneously to multiple hosts.
WLAN: This zone provides support to SonicWALL SonicPoints. When assigned to the Opt
port, it enforces SonicPoint Enforcement, automatically dropping all packets received from
non-SonicPoint devices. The WLAN zone supports SonicPoint Discovery Protocol (SDP) to
automatically poll for and identify attached SonicPoints. It also supports SonicWALL Simple
Provisioning Protocol to configure SonicPoints using profiles.
Note: Even though you may group interfaces together into one security zone, this does not
preclude you from addressing a single interface within the zone.
Security Types
Each zone has a security type, which defines the level of trust given to that zone. There are five
security types:
Trusted: Trusted is a security type that provides the highest level of trust—meaning that
the least amount of scrutiny is applied to traffic coming from trusted zones. Trusted security
can be thought of as being on the LAN (protected) side of the security appliance. The LAN
zone is always Trusted.
Encrypted: Encrypted is a security type used exclusively by the VPN zone. All traffic to and
from an Encrypted zone is encrypted.
Wireless: Wireless is a security type applied to the WLAN zone or any zone where the only
interface to the network consists of SonicWALL SonicPoint devices. The Wireless security type
is designed specifically for use with SonicPoint devices. Placing an interface in a Wireless
zone activates SDP (SonicWALL Discovery Protocol) and SSPP (SonicWALL Simple
Provisioning Protocol) on that interface for automatic discovery and provisioning of
SonicPoint devices. Only traffic that passes through a SonicPoint is allowed through a
Wireless zone; all other traffic is dropped.