What You Need To Know - ZyXEL Communications ZyWall USG 300 User Manual

Chapter 17 Zones

17.1.2 What You Need to Know

Effects of Zones on Different Types of Traffic
Zones effectively divide traffic into three types--intra-zone traffic, inter-zone
traffic, and extra-zone traffic--which are affected differently by zone-based
security and policy settings.
Intra-zone Traffic
• Intra-zone traffic is traffic between interfaces or VPN tunnels in the same zone.
For example, in
Ethernet is intra-zone traffic.
• In each zone, you can either allow or prohibit all intra-zone traffic. For example,
in Figure 309 on page
but prohibit it in the WAN zone.
• You can also set up firewall rules to control intra-zone traffic (for example, DMZ-
to-DMZ), but many other types of zone-based security and policy settings do
not affect intra-zone traffic.
Inter-zone Traffic
Inter-zone traffic is traffic between interfaces or VPN tunnels in different zones.
For example, in
is inter-zone traffic. This is the normal case when zone-based security and policy
settings apply.
Extra-zone Traffic
• Extra-zone traffic is traffic to or from any interface or VPN tunnel that is not
assigned to a zone. For example, in
computer C is extra-zone traffic.
• Some zone-based security and policy settings may apply to extra-zone traffic,
especially if you can set the zone attribute in them to Any or All. See the
specific feature for more information.
Finding Out More
• See Section 6.5.8 on page 103
• See Section 7.1 on page 115
port groups, and zones.
404
Figure 309 on page
403, you might allow intra-zone traffic in the LAN zone
Figure 309 on page 403, traffic between VLAN 1 and the Internet
for related information on these screens.
for an example of configuring Ethernet interfaces,
403, traffic between VLAN 2 and the
Figure 309 on page 403, traffic to or from
ZyWALL USG 300 User's Guide