ZBFW zones are bound to sites through site bindings. Zones specify the enforcement boundaries where traffic is subject to inspection and filtering. Each zone maps to the networks attached to physical interfaces, logical interfaces, or sub-interfaces of a device. These zone-level interfaces serve as a proxy for physical and virtual circuits, such as VLAN, Layer 3 VPN, and Layer 2 VPN circuits. You can manage and secure every interface in a zone independently.
Allow or deny every interface in a zone access to other zones within an enterprise network.
Segregate interface traffic by blocking all access not explicitly allowed by the enterprise's security policies.
Isolate networks that hold private or secure information by restricting access to them from public networks.
An area includes source and destination zones with network IDs for a site and is associated with one or more WAN, LAN, or VPN networks. You can attach a zone to multiple networks, but each network of type LAN, WAN, or VPN is connected to one location.
Typically, organizations create three or four zones to segregate traffic: a guest zone, one or more corporate LAN zones, an outside zone for the internet underlay, and a corporate WAN zone for the private WAN and for VPN over the internet or private WAN.
Define the network segments that allow or restrict application access in order to control traffic between LANs or between LAN and WAN, and, through site bindings, bind zones to the appropriate LAN and WAN interfaces at each site.
In Security Policy rules, specify the source and destination zones to which the rule applies. You must establish one or more source zones and one or more destination zones for each security rule you configure. The source zone identifies the network from which the traffic originates, and the destination zone identifies the network to which the traffic is destined.
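The zone model above (guest, corporate LAN, outside, corporate WAN), the site bindings that tie zones to interfaces, and the source-zone/destination-zone matching of security policy rules, as an added Python model. This is illustration code written for this page, not vendor code or configuration syntax; the site, interface, network, and rule names are constructed. It evaluates rules first-match with an implicit deny, and an address that resolves to an interface with no site binding is denied rather than guessed into a zone, which is the failure mode a practitioner should watch for when a new interface is attached but never bound.

```python
"""Added example: toy model of ZBFW zones, site bindings and zone-based
security policy evaluation. All names and prefixes below are constructed
for illustration; they are not identifiers from any vendor platform."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """A security policy rule matches on source zone(s) and destination zone(s)."""
    name: str
    src_zones: frozenset
    dst_zones: frozenset
    action: str  # "allow" or "deny"


class Site:
    """One location: its interfaces, the networks attached to them, and the
    site bindings that map each interface to a zone."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.bindings: Dict[str, str] = {}       # interface -> zone
        self.networks: List[Tuple[object, str]] = []  # (prefix, interface)

    def bind(self, zone: str, interface: str) -> None:
        """Site binding: attach a zone to a physical or logical interface."""
        self.bindings[interface] = zone

    def attach(self, cidr: str, interface: str) -> None:
        """Attach a LAN, WAN or VPN network to an interface at this site."""
        self.networks.append((ip_network(cidr), interface))

    def zone_of(self, ip: str) -> Optional[str]:
        """Resolve an address to its zone: longest-prefix match picks the
        interface, the site binding picks the zone. Returns None when the
        interface carrying the address has no binding (an unzoned interface)."""
        addr = ip_address(ip)
        best = None
        for prefix, iface in self.networks:
            if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, iface)
        if best is None:
            return None
        return self.bindings.get(best[1])


def evaluate(rules: List[Rule], src_zone: Optional[str], dst_zone: Optional[str]) -> Tuple[str, str]:
    """First matching rule wins; traffic matching no rule is implicitly denied.
    Traffic whose source or destination cannot be placed in a zone is denied too."""
    if src_zone is None or dst_zone is None:
        return ("deny", "unzoned-interface")
    for rule in rules:
        if src_zone in rule.src_zones and dst_zone in rule.dst_zones:
            return (rule.action, rule.name)
    return ("deny", "implicit-deny")


def decide(site: Site, rules: List[Rule], src_ip: str, dst_ip: str) -> Dict[str, Optional[str]]:
    """Classify a flow at a site and return the zones, action and deciding rule."""
    src_zone = site.zone_of(src_ip)
    dst_zone = site.zone_of(dst_ip)
    action, why = evaluate(rules, src_zone, dst_zone)
    return {"src_zone": src_zone, "dst_zone": dst_zone, "action": action, "rule": why}


def build_branch() -> Site:
    """Constructed branch site using the typical four-zone model."""
    site = Site("branch-1")
    site.bind("guest", "lan0")        # guest LAN
    site.bind("corp-lan", "lan1")     # corporate LAN
    site.bind("outside", "wan0")      # internet underlay
    site.bind("corp-wan", "vpn0")     # private WAN / VPN overlay
    site.attach("10.10.0.0/24", "lan0")
    site.attach("10.20.0.0/24", "lan1")
    site.attach("0.0.0.0/0", "wan0")      # default route: anything not more specific
    site.attach("10.0.0.0/8", "vpn0")     # enterprise space reachable over the WAN
    site.attach("10.99.0.0/24", "lan2")   # attached but deliberately NOT bound to a zone
    return site


# Constructed rule set; order matters because evaluation is first-match.
RULES = [
    Rule("corp-to-wan", frozenset({"corp-lan"}), frozenset({"corp-wan"}), "allow"),
    Rule("wan-to-corp", frozenset({"corp-wan"}), frozenset({"corp-lan"}), "allow"),
    Rule("to-internet", frozenset({"corp-lan", "guest"}), frozenset({"outside"}), "allow"),
    Rule("guest-isolation", frozenset({"guest"}), frozenset({"corp-lan", "corp-wan"}), "deny"),
]

if __name__ == "__main__":
    site = build_branch()
    flows = [("10.20.0.5", "10.50.1.1"), ("10.10.0.7", "8.8.8.8"),
             ("10.10.0.7", "10.20.0.5"), ("203.0.113.9", "10.20.0.5"),
             ("10.99.0.3", "8.8.8.8")]
    for src, dst in flows:
        print(src, "->", dst, decide(site, RULES, src, dst))
```

The explicit guest-isolation deny is redundant with the implicit deny but makes the segregation intent visible in the rule set; the outside-to-corp-lan case falls through to the implicit deny, and the 10.99.0.0/24 segment shows why every attached interface needs a site binding before traffic from it can be allowed.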