What You Need To Know - ZyXEL Communications ZYWALL USG 20 Manual

Chapter 15 Zones

15.1.2 What You Need to Know

Effects of Zones on Different Types of Traffic
Zones effectively divide traffic into three types--intra-zone traffic, inter-zone
traffic, and extra-zone traffic--which are affected differently by zone-based
security and policy settings.
Intra-zone Traffic
• Intra-zone traffic is traffic between interfaces or VPN tunnels in the same zone.
For example, in
Ethernet is intra-zone traffic.
• In each zone, you can either allow or prohibit all intra-zone traffic. For example,
in Figure 197 on page
but prohibit it in the WAN zone.
• You can also set up firewall rules to control intra-zone traffic (for example, DMZ-
to-DMZ), but many other types of zone-based security and policy settings do
not affect intra-zone traffic.
Inter-zone Traffic
Inter-zone traffic is traffic between interfaces or VPN tunnels in different zones.
For example, in
is inter-zone traffic. This is the normal case when zone-based security and policy
settings apply.
Extra-zone Traffic
• Extra-zone traffic is traffic to or from any interface or VPN tunnel that is not
assigned to a zone. For example, in
computer C is extra-zone traffic.
• Some zone-based security and policy settings may apply to extra-zone traffic,
especially if you can set the zone attribute in them to Any or All. See the
specific feature for more information.
Finding Out More
• See Section 6.5.7 on page 98
• See Section 7.1 on page 107
port groups, and zones.
328
Figure 197 on page
327, you might allow intra-zone traffic in the LAN zone
Figure 197 on page 327, traffic between VLAN 1 and the Internet
for related information on these screens.
for an example of configuring Ethernet interfaces,
327, traffic between VLAN 2 and the
Figure 197 on page 327, traffic to or from
ZyWALL USG 20/20W User's Guide