Zone Protection and DoS Protection

Attacks against your network can originate externally or internally. Because different parts of a network perform functions that require different types and levels of protection, a global security policy or port-based security is not granular enough to properly secure each part of the network.
The solution is to segment the network into functional and organizational zones to reduce the network’s attack surface (the portion of the network and its traffic exposed to potential external and internal attackers). You protect each zone in two ways: zone protection defends the zone borders, and denial-of-service (DoS) protection defends the endpoints and resources in each security zone.

