Chapter 17 Zones
ZyWALL USG 100/200 Series User’s Guide
408
17.1.2 What You Need to Know
Effects of Zones on Different Types of Traffic
Zones effectively divide traffic into three types--intra-zone traffic, inter-zone
traffic, and extra-zone traffic--which are affected differently by zone-based
security and policy settings.
Intra-zone Traffic
• Intra-zone traffic is traffic between interfaces or VPN tunnels in the same zone.
For example, in Figure 310 on page 407, traffic between VLAN 2 and the
Ethernet is intra-zone traffic.
• In each zone, you can either allow or prohibit all intra-zone traffic. For example,
in Figure 310 on page 407, you might allow intra-zone traffic in the LAN zone
but prohibit it in the WAN zone.
• You can also set up firewall rules to control intra-zone traffic (for example, DMZ-
to-DMZ), but many other types of zone-based security and policy settings do
not affect intra-zone traffic.
Inter-zone Traffic
Inter-zone traffic is traffic between interfaces or VPN tunnels in different zones.
For example, in Figure 310 on page 407, traffic between VLAN 1 and the Internet
is inter-zone traffic. This is the normal case when zone-based security and policy
settings apply.
Extra-zone Traffic
• Extra-zone traffic is traffic to or from any interface or VPN tunnel that is not
assigned to a zone. For example, in Figure 310 on page 407, traffic to or from
computer C is extra-zone traffic.
• Some zone-based security and policy settings may apply to extra-zone traffic,
especially if you can set the zone attribute in them to Any or All. See the
specific feature for more information.
Finding Out More
• See Section 6.5.8 on page 104 for related information on these screens.
• See Section 7.1 on page 115 for an example of configuring Ethernet interfaces,
port groups, and zones.
To Next Page
Loading...
