Security Zones And Interfaces - Juniper ISG 2000 User Manual


ISG 2000 User's Guide

6

Security Zones and Interfaces

A security zone is a collection of one or more network segments requiring the
regulation of inbound and outbound traffic through policies. You use security zones
to separate network segments of differing trust levels and to control the flow of
traffic between them with the policies that you set.
Figure 6: Three Security Zones
Three security zones requiring interzone policies for traffic to flow from one zone
to another.
[Figure: an ISG 2000 connecting three security zones, with policies governing the
traffic between them; the device front-panel labels shown in the drawing are not
reproduced here.]
The ISG 2000 ships with seven predefined security zones—including the Global
zone, which is used mainly for holding mapped IP (MIP) and virtual IP (VIP)
addresses. For information on all zone types and their uses, see the Fundamentals
volume in the NetScreen Concepts & Examples ScreenOS Reference Guide.
To view all the predefined zones, enter the get zone command, as shown below.

get zone
Total 13 zones created in vsys Root - 7 are policy configurable.
Total policy configurable zones for Root is 7.
ID  Name         Type     Attr    VR          Default-IF   VSYS
0   Null         Null     Shared  untrust-vr  hidden       Root
1   Untrust      Sec(L3)  Shared  trust-vr    null         Root
2   Trust        Sec(L3)          trust-vr    null         Root
3   DMZ          Sec(L3)          trust-vr    null         Root
4   Self         Func             trust-vr    self         Root
5   MGT          Func             trust-vr    mgt          Root
6   HA           Func             trust-vr    null         Root
10  Global       Sec(L3)          trust-vr    null         Root
11  V1-Untrust   Sec(L2)          trust-vr    v1-untrust   Root
12  V1-Trust     Sec(L2)          trust-vr    v1-trust     Root
13  V1-DMZ       Sec(L2)          trust-vr    v1-dmz       Root
14  VLAN         Func             trust-vr    vlan1        Root
16  Untrust-Tun  Tun              trust-vr    hidden.1     Root

The security zones can be Layer 3 zones or Layer 2 zones.
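As an added audit check (example code written for this page, not part of the ISG 2000 manual or ScreenOS), the following Python parses the get zone output above and cross-checks the device's own summary line against the rows it printed: only Sec(L3) and Sec(L2) zones count as policy configurable, which should give the 7 the device reports. The sample output is constructed from the table on this page.

```python
import re

# Constructed sample: the Root-vsys `get zone` output reproduced from this page.
GET_ZONE_OUTPUT = """\
Total 13 zones created in vsys Root - 7 are policy configurable.
Total policy configurable zones for Root is 7.
ID  Name         Type     Attr    VR          Default-IF   VSYS
0   Null         Null     Shared  untrust-vr  hidden       Root
1   Untrust      Sec(L3)  Shared  trust-vr    null         Root
2   Trust        Sec(L3)          trust-vr    null         Root
3   DMZ          Sec(L3)          trust-vr    null         Root
4   Self         Func             trust-vr    self         Root
5   MGT          Func             trust-vr    mgt          Root
6   HA           Func             trust-vr    null         Root
10  Global       Sec(L3)          trust-vr    null         Root
11  V1-Untrust   Sec(L2)          trust-vr    v1-untrust   Root
12  V1-Trust     Sec(L2)          trust-vr    v1-trust     Root
13  V1-DMZ       Sec(L2)          trust-vr    v1-dmz       Root
14  VLAN         Func             trust-vr    vlan1        Root
16  Untrust-Tun  Tun              trust-vr    hidden.1     Root
"""
# One table row: ID, Name, Type, optional Attr ("Shared"), VR, Default-IF, VSYS.
ROW_RE = re.compile(r"^(\d+)\s+(\S+)\s+(Null|Sec\(L[23]\)|Func|Tun)\s+(Shared)?\s*(\S+)\s+(\S+)\s+(\S+)$")
HEADER_RE = re.compile(r"Total (\d+) zones created in vsys (\S+) - (\d+) are policy configurable")

def parse_zones(output):
    """Return one dict per zone row; the summary and column-header lines are skipped."""
    zones = []
    for line in output.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            zid, name, ztype, attr, vr, default_if, vsys = m.groups()
            zones.append({"id": int(zid), "name": name, "type": ztype, "shared": attr == "Shared",
                          "vr": vr, "default_if": default_if, "vsys": vsys})
    return zones

def policy_configurable(zones):
    """Only security zones (Sec(L3)/Sec(L2)) can be referenced in policies; Null, Func and Tun cannot."""
    return [z["name"] for z in zones if z["type"].startswith("Sec(")]

def audit(output):
    """Cross-check the device's summary line against the rows it actually printed."""
    zones, hdr = parse_zones(output), HEADER_RE.search(output)
    pc = policy_configurable(zones)
    return {"vsys": hdr.group(2), "total": len(zones),
            "total_matches_header": len(zones) == int(hdr.group(1)),
            "policy_configurable": pc, "pc_matches_header": len(pc) == int(hdr.group(3)),
            "zones_per_vr": {vr: sum(1 for z in zones if z["vr"] == vr) for vr in {z["vr"] for z in zones}}}
```

Feeding the real get zone output of a device into audit() flags any zone table whose row count or security-zone count no longer matches what the device claims, and shows which virtual router each zone belongs to.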