Table of Contents

ZBFW Zones

ZBFW zones are bound to sites through site bindings.
Zones specify enforcement boundaries where traffic subject to inspection and filtering. Each zone maps to networks attached to physical interfaces, logical interfaces, or sub-interfaces of a device. These zone-level interfaces serve as a proxy for physical circuits and virtual circuits, such as VLAN, Layer 3 VPN, and Layer 2 VPN circuits. You can manage and secure every interface in a zone independently.
  • Allow or deny every interface in zone access to other zones within an enterprise network.
  • Segregate interface traffic by blocking all access not explicitly allowed by the security policies of an enterprise.
  • Isolate networks that have private or secure information by restricting access to it from public networks.
An area includes source and destination zones with network IDs for a site and is associated with one or more WAN, LAN, or VPN. Attach a zone to multiple networks, but each network type LAN, WAN, or VPN would be connected to one location.
Typically, most organizations create three to four zones to segregate traffic using the model’s guest zone, one or more corporate LAN zones, an outside zone for internet underlay, and a corporate WAN zone for private WAN and VPN over the internet or private WAN.
Define the network segments that allow or restricts the application access to control traffic between LAN or between LAN and WAN and, through site bindings, bind zones to the appropriate LAN and WAN interfaces at each site.
In Security Policy rules, specify the source and destination zones to which the rule applies. You must establish one or more source and destination zones for each security rule to configure. The source zone identifies the network from where traffic originates and the destination zone identifies the destination traffic of the network.

Recommended For You