ISG 2000 User’s Guide
6 Security Zones and Interfaces
Security Zones and Interfaces
A security zone is a collection of one or more network segments requiring the
regulation of inbound and outbound traffic through policies. You use security zones
to separate network segments of differing trust levels and control the flow of traffic
between them by the policies that you set.
Figure 6: Three Security Zones
The ISG 2000 ships with seven predefined security zones—including the Global
zone, which is used mainly for holding mapped IP (MIP) and virtual IP (VIP)
addresses. For information on all zone types and their uses, see the Fundamentals
volume in the NetScreen Concepts & Examples ScreenOS Reference Guide.
To view all the predefined zones, enter the
get zone command, as shown below.
get zone
Total 13 zones created in vsys Root - 7 are policy configurable.
Total policy configurable zones for Root is 7.
ID Name Type Attr VR Default-IF VSYS
0 Null Null Shared untrust-vr hidden Root
1 Untrust Sec(L3) Shared trust-vr null Root
2 Trust Sec(L3) trust-vr null Root
3 DMZ Sec(L3) trust-vr null Root
4 Self Func trust-vr self Root
5 MGT Func trust-vr mgt Root
6 HA Func trust-vr null Root
10 Global Sec(L3) trust-vr null Root
11 V1-Untrust Sec(L2) trust-vr v1-untrust Root
12 V1-Trust Sec(L2) trust-vr v1-trust Root
13 V1-DMZ Sec(L2) trust-vr v1-dmz Root
14 VLAN Func trust-vr vlan1 Root
16 Untrust-Tun Tun trust-vr hidden.1 Root
HA
FLASH
PWR
FAN
ALARM
MOD1
TEMP
MOD2
STATUS
MOD3
ISG 2000
Policies
Security Zone
Security Zone
Security Zone
Three security zones requiring interzone policies
for traffic to flow from one zone to another.
The security zones can be Layer 3
zones or Layer 2 zones.
To Next Page
Loading...
Need help?
General