Filter
Top Products
Chapter 17 Zones
ZyWALL USG 300 User’s Guide
404
17.1.2 What You Need to Know
Effects of Zones on Different Types of Traffic
Zones effectively divide traffic into three types--intra-zone traffic, inter-zone
traffic, and extra-zone traffic--which are affected differently by zone-based
security and policy settings.
Intra-zone Traffic
• Intra-zone traffic is traffic between interfaces or VPN tunnels in the same zone.
For example, in Figure 309 on page 403, traffic between VLAN 2 and the
Ethernet is intra-zone traffic.
• In each zone, you can either allow or prohibit all intra-zone traffic. For example,
in Figure 309 on page 403, you might allow intra-zone traffic in the LAN zone
but prohibit it in the WAN zone.
• You can also set up firewall rules to control intra-zone traffic (for example, DMZ-
to-DMZ), but many other types of zone-based security and policy settings do
not affect intra-zone traffic.
Inter-zone Traffic
Inter-zone traffic is traffic between interfaces or VPN tunnels in different zones.
For example, in Figure 309 on page 403, traffic between VLAN 1 and the Internet
is inter-zone traffic. This is the normal case when zone-based security and policy
settings apply.
Extra-zone Traffic
• Extra-zone traffic is traffic to or from any interface or VPN tunnel that is not
assigned to a zone. For example, in Figure 309 on page 403, traffic to or from
computer C is extra-zone traffic.
• Some zone-based security and policy settings may apply to extra-zone traffic,
especially if you can set the zone attribute in them to Any or All. See the
specific feature for more information.
Finding Out More
• See Section 6.5.8 on page 103 for related information on these screens.
• See Section 7.1 on page 115 for an example of configuring Ethernet interfaces,
port groups, and zones.