| Where Can I Use
This? | What Do I
Need? |
|---|
Zones are a critical component for creating
security policy rules. When you are ready to create zones, policy rules
rely on a zone-pair that includes at least one source zone and one
destination zone. Zone maps to networks and interfaces. The default
action is to deny traffic between zones. Modify the default zone-pair
policy to allow all traffic or deny, then create exceptions to deny
or allow specific traffic by changing the order of applied policy
rules. Define the network segments used to restrict application access
and control traffic between LANs or LANs and WANs. Bind zones to
the appropriate LAN and WAN interfaces at each site through site
bindings.
While creating security policy rules, specify the
source and destination zones to which the rule applies and establish
one or more source and destination zones for each security rule
you configure. The source zone identifies the LAN network from where
traffic originates, and the destination zone identifies traffic
from the LAN network.
