Security Levels For Zones; Predefined Zones - Cisco ISA500 Series Administration Manual

Integrated security appliance

Networking
Configuring the Zones
Cisco ISA500 Series Integrated Security Appliance Administrator Guide
NOTE: We recommend that you configure the zones before configuring the WAN, VLAN, DMZ, and the security features such as zone-based firewall and UTM security services.

Security Levels for Zones

The security appliance supports five security levels for zones, as described below.
The greater the value, the higher the permission level. The VPN and SSLVPN zones
have the same security level.
Trusted (100): Offers the highest level of trust. The LAN zone is always trusted.
VPN (75): Used exclusively by the predefined VPN and SSLVPN zones. All traffic to and from a VPN zone is encrypted.
Public (50): Offers a higher level of trust than a Guest zone, but a lower level of trust than a VPN zone. The DMZ zone is a public zone.
Guest (25): Offers a higher level of trust than an untrusted zone, but a lower level of trust than a public zone. Guest zones can only be used for guest access.
Untrusted (0): Offers the lowest level of trust. It is used by both the WAN and the virtual multicast zones. You can map one or multiple WAN interfaces to an untrusted zone.

Predefined Zones

The security appliance predefines the following zones with different security
levels:
WAN: The WAN zone is an untrusted zone. By default, the WAN1 interface is mapped to the WAN zone. If the secondary WAN (WAN2) is applicable, it can be mapped to the WAN zone or other untrusted zones.
LAN: The LAN zone is a trusted zone. You can map one or multiple VLANs to a trusted zone. By default, the DEFAULT VLAN is mapped to the LAN zone.
DMZ: The DMZ zone is a public zone used for accessible servers.
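
The level rules in this section can be checked mechanically against a zone table before it is applied. The following Python audit is an added example, not Cisco code: the dict layout, the zones PARTNER, BACKUP and LAB, and the rule that WAN ports are the interfaces named "WAN…" are assumptions made for illustration.

```python
# Added example (not Cisco code). The dict layout is an assumption for
# illustration; it is not the appliance's own configuration format.
LEVELS = {"Trusted": 100, "VPN": 75, "Public": 50, "Guest": 25, "Untrusted": 0}
# Predefined zones named in this section and the level each one carries.
PREDEFINED = {"LAN": 100, "VPN": 75, "SSLVPN": 75, "DMZ": 50, "WAN": 0}


def audit_zones(zones):
    """Return (zone_name, problem) findings for rules stated in this section."""
    findings = []
    for zone in zones:
        name, level = zone["name"], zone["level"]
        if level not in LEVELS.values():
            findings.append((name, f"level {level} is not one of the five levels"))
            continue
        expected = PREDEFINED.get(name)
        if expected is not None and level != expected:
            findings.append((name, f"predefined zone should be {expected}, found {level}"))
        # VPN (75) is used exclusively by the predefined VPN and SSLVPN zones.
        if level == LEVELS["VPN"] and name not in ("VPN", "SSLVPN"):
            findings.append((name, "level 75 is reserved for VPN and SSLVPN"))
        # WAN interfaces map to untrusted zones. Assumption: WAN ports are the
        # interfaces whose names start with "WAN" (WAN1, WAN2).
        for ifc in zone.get("interfaces", []):
            if ifc.upper().startswith("WAN") and level != LEVELS["Untrusted"]:
                findings.append((name, f"{ifc} is mapped to a zone that is not untrusted"))
    return findings


# Constructed sample input; PARTNER, BACKUP and LAB are hypothetical zones.
SAMPLE_ZONES = [
    {"name": "WAN", "level": 0, "interfaces": ["WAN1"]},
    {"name": "LAN", "level": 100, "interfaces": ["DEFAULT"]},
    {"name": "DMZ", "level": 50, "interfaces": []},
    {"name": "PARTNER", "level": 75, "interfaces": []},
    {"name": "BACKUP", "level": 50, "interfaces": ["WAN2"]},
    {"name": "LAB", "level": 60, "interfaces": []},
]

if __name__ == "__main__":
    for zone_name, problem in audit_zones(SAMPLE_ZONES):
        print(f"{zone_name}: {problem}")
```

The three default zones pass cleanly; the custom zone at level 75, the WAN2 port placed in a public zone, and the undefined level 60 are each reported.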


This manual is also suitable for:

ISA550, ISA570, ISA570W, ISA550W
