The following diagram shows a very basic example of Network
Segmentation Using Zones. The more granular you make your
zones (and the corresponding security policy rules that allows traffic
between zones), the more you reduce the attack surface on your network.
This is because traffic can flow freely within a zone (intra-zone
traffic), but traffic cannot flow between zones (inter-zone traffic)
until you define a Security policy rule that allows it. Additionally,
an interface cannot process traffic until you have assigned it to
a zone. Therefore, by segmenting your network into granular zones
you have more control over access to sensitive applications or data
and you can prevent malicious traffic from establishing a communication
channel within your network, thereby reducing the likelihood of
a successful attack on your network.