Learn how to create security zones for stacked security
policies.
| Where Can I Use
This? | What Do I
Need? |
|---|
Security Zones specify enforcement boundaries
where traffic is subject to inspection and filtering. Each security
zone maps to networks attached to physical interfaces, logical interfaces,
or sub-interfaces of a device. These zone-level interfaces serve
as a proxy for physical circuits and virtual circuits, such as VLAN,
Layer 3 VPN, and Layer 2 VPN circuits.
You can manage and
secure every interface in a zone independently.
Allow
or deny every interface in zone access to other zones within an
enterprise network.
Segregate interface traffic by blocking all access not explicitly
allowed by the security policies of an enterprise.
Isolate networks that have private or secure information
by restricting access to it from public networks.
An
area includes source and destination zones with network IDs for
a site and is associated with one or more WAN, LAN, or VPN. Attach
a zone to multiple networks, but each network type LAN, WAN, or
VPN would be connected to one location. Typically, most organizations
create three to four zones to segregate traffic using the model’s
guest zone, one or more corporate LAN zones, an outside zone for
internet underlay, and a corporate WAN zone for private WAN and
VPN over the internet or private WAN.
Policy rules use zones
in the form of Source Zones or Destination Zones. In Security Policy
rules, specify the source and destination zones to which the rule
applies. You must establish one or more source and destination zones
for each security rule to configure. The source zone identifies
the network from where traffic originates and the destination zone
identifies the destination traffic of the network.
