Cookbook Configuration
The security zones of the same priority cannot access each other.
If a zone policy and a global policy are configured, the device processes packets according to the access
control rules of the zone policy and the global policy. Otherwise, the device processes packets according to the
default access policy.
Interface-based Security Zone
After interfaces are grouped into a security zone, the device handles each arriving packet as follows. It identifies
the source interface and the destination interface of the packet, then matches each interface against the
interfaces associated with the security zones to determine the source security zone and the destination security
zone to which the packet belongs. It then forwards or blocks the packet according to the access policy between
the security zones or, failing that, the default access policy.
The default security zone is predefined by the device and cannot be deleted. Interfaces that are not grouped
into specified security zones will be assigned to the default security zone.
Procedure
(1) Choose Firewall > Security Zone Config > Security Zone.
(2) Click Add to access the Create Interface-based Security Zone page.
Note
The device displays the interface-based security zone page by default. If it does not, click Switch to
open the interface-based security zone page.
(3) Enter the security zone name and description. Click Select to select the interfaces belonging to this security
zone. Enter the security zone level, select whether to allow intra-zone communication and click OK.
Note
The security zone level is the priority. A higher value indicates a higher priority. By default, a security zone
with a high priority can access a security zone with a low priority, but not vice versa. Security zones of the
same priority cannot access each other.
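
The default access behaviour described above can be checked against a planned zone layout before it is entered on the device. The following is an added example, not code from the device or its vendor; the zone names, interface names, levels and the default zone's level are constructed assumptions, and zone policies and the global policy are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Zone:
    name: str
    level: int                 # security zone level = priority; higher value wins
    allow_intra: bool = False  # the "allow intra-zone communication" choice

# Constructed sample plan (zone names, interfaces and levels are assumptions).
# The page does not state the default zone's level; 0 is a placeholder to verify.
DEFAULT_ZONE = Zone("default", level=0)
ZONES = {
    Zone("trust", 85, allow_intra=True): {"ge0/1", "ge0/2"},
    Zone("dmz", 50): {"ge0/3"},
    Zone("partner", 50): {"ge0/4"},
    Zone("untrust", 5): {"ge0/5", "ge0/6"},
}

def zone_of(interface: str) -> Zone:
    """Map an interface to its zone; ungrouped interfaces fall into the default zone."""
    for zone, members in ZONES.items():
        if interface in members:
            return zone
    return DEFAULT_ZONE

def default_verdict(src_if: str, dst_if: str) -> str:
    """Apply the default access policy only (no zone or global policy modelled)."""
    src, dst = zone_of(src_if), zone_of(dst_if)
    if src == dst:
        allowed = src.allow_intra          # same zone: governed by the intra-zone choice
    else:
        allowed = src.level > dst.level    # equal levels are blocked in both directions
    return f"{src.name}->{dst.name}: {'forward' if allowed else 'block'}"

def audit(interfaces):
    """Return every interface pair that the default policy would forward."""
    return [v for s in interfaces for d in interfaces if s != d
            for v in [default_verdict(s, d)] if v.endswith("forward")]

if __name__ == "__main__":
    # ge0/7 is deliberately left ungrouped to show the default-zone fallback.
    for line in audit(["ge0/1", "ge0/2", "ge0/3", "ge0/4", "ge0/5", "ge0/7"]):
        print(line)
```

Any forwarded pair that involves the default zone points to an interface that was left ungrouped and should be reviewed against the device's actual default zone settings.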