This section describes how to configure the zones on the security appliance. You can restore the zone configuration to the factory default settings, edit the settings of the predefined zones (except for the VPN and SSLVPN zones), or customize new zones for your specific business needs.
NOTE: You can click Reset to restore your zone configuration to the factory default settings. This operation removes all custom zones and cleans up the settings related to those zones.
1. To add a new zone, click Add. To edit an entry, click the Edit (pencil) icon.
Other options: To delete an entry, click the Delete (x) icon. To delete multiple entries, check them and click Delete.
NOTE: Predefined zones (except for the VOICE zone) cannot be deleted. For the predefined zones (except for the VPN and SSLVPN zones), only the associated ports and VLANs can be edited.
2. Enter the following information:
• Name: Enter the name for the zone.
• Security Level: Specify the security level for the zone.
– For VLANs, all security levels are selectable.
– For DMZs, choose Public(50).
– For WAN ports, choose Untrusted(0).
• Map interfaces to this zone: Choose the existing VLANs or WAN ports from the Available Interfaces list and click the right arrow to add them to the Mapped to Zone list. Up to 16 VLANs can be mapped to a zone.
3. Click OK to save your settings and close the pop-up window.
4. Click Save to apply your settings.
• After you create a new zone, a number of firewall rules are automatically generated to permit or block traffic from the new zone to other zones and from other zones to the new zone. The permit or block action is determined by the security level of the new zone. By default, the firewall prevents all inbound traffic and allows all outbound traffic. To customize firewall rules for the new zone, go to the Firewall > Access Control > ACL Rules page. For information on configuring firewall rules, see Configuring Firewall Rules to Control Inbound and Outbound Traffic, page 186.
• If you enable security services such as Intrusion Prevention (IPS), Anti-Virus, and Application Control on the security appliance, apply them to the zones. For complete details, see Chapter 7, "Security Services."
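The following added example (not part of the appliance documentation or software) checks a planned zone layout against the limits stated in step 2 and lists which default actions to expect between zones, so the auto-generated ACL rules can be reviewed after saving. The data layout, function names, and sample zones are hypothetical; the mapping of "outbound" to a lower security level and "inbound" to a higher one is an assumption.

```python
# Pre-flight check of a planned zone layout (added example, hypothetical names).
MAX_VLANS_PER_ZONE = 16                  # "Up to 16 VLANs can be mapped to a zone"
REQUIRED_LEVEL = {"dmz": 50, "wan": 0}   # DMZ -> Public(50), WAN -> Untrusted(0)

def validate_zone(zone):
    """Return a list of problems for one planned zone (empty list means OK)."""
    problems = []
    vlans = [i for i in zone["interfaces"] if i["kind"] == "vlan"]
    if len(vlans) > MAX_VLANS_PER_ZONE:
        problems.append(f"{zone['name']}: {len(vlans)} VLANs mapped, "
                        f"limit is {MAX_VLANS_PER_ZONE}")
    for iface in zone["interfaces"]:
        want = REQUIRED_LEVEL.get(iface["kind"])   # None for VLANs: any level allowed
        if want is not None and zone["level"] != want:
            problems.append(f"{zone['name']}: {iface['name']} is a {iface['kind']} "
                            f"interface, needs level {want}, zone has {zone['level']}")
    return problems

def default_action(src_level, dst_level):
    """Expected auto-generated action for traffic from a source to a destination zone.

    ASSUMPTION (not stated on the page): "outbound" means toward a lower
    security level and "inbound" toward a higher one. Equal levels are
    flagged for manual review instead of guessed.
    """
    if src_level > dst_level:
        return "permit"
    if src_level < dst_level:
        return "deny"
    return "review"

def review_matrix(zones):
    """Map (source, destination) zone-name pairs to the expected default action."""
    return {(s["name"], d["name"]): default_action(s["level"], d["level"])
            for s in zones for d in zones if s is not d}

# Constructed sample plan: the WEB zone is deliberately given the wrong level.
PLAN = [
    {"name": "STAFF", "level": 100, "interfaces": [{"name": "VLAN10", "kind": "vlan"}]},
    {"name": "WEB", "level": 100, "interfaces": [{"name": "DMZ1", "kind": "dmz"}]},
    {"name": "INTERNET", "level": 0, "interfaces": [{"name": "WAN1", "kind": "wan"}]},
]

if __name__ == "__main__":
    for z in PLAN:
        print(z["name"], validate_zone(z) or "OK")
    for pair, action in sorted(review_matrix(PLAN).items()):
        print(pair, action)
```

Compare the printed matrix with the entries on the Firewall > Access Control > ACL Rules page after you click Save; any pair marked "review" needs a manual check there.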