What You Need To Know About Zones - ZyXEL Communications ZyWall USG 2000 User Manual

Chapter 14 Zones

14.1.2 What You Need to Know About Zones

Effects of Zones on Different Types of Traffic
Zones effectively divide traffic into three types--intra-zone traffic, inter-zone
traffic, and extra-zone traffic--which are affected differently by zone-based
security and policy settings.
Intra-zone Traffic
• Intra-zone traffic is traffic between interfaces or VPN tunnels in the same zone.
For example, in
Ethernet is intra-zone traffic.
• In each zone, you can either allow or prohibit all intra-zone traffic. For example,
in Figure 159 on page
but prohibit it in the WAN zone.
• You can also set up firewall rules to control intra-zone traffic (for example, DMZ-
to-DMZ), but many other types of zone-based security and policy settings do
not affect intra-zone traffic.
Inter-zone Traffic
Inter-zone traffic is traffic between interfaces or VPN tunnels in different zones.
For example, in
is inter-zone traffic. This is the normal case when zone-based security and policy
settings apply.
Extra-zone Traffic
• Extra-zone traffic is traffic to or from any interface or VPN tunnel that is not
assigned to a zone. For example, in
computer C is extra-zone traffic.
• Some zone-based security and policy settings may apply to extra-zone traffic,
especially if you can set the zone attribute in them to Any or All. See the
specific feature for more information.
Finding Out More
See Section 5.4.7 on page 92
262
Figure 159 on page
261, you might allow intra-zone traffic in the LAN zone
Figure 159 on page 261, traffic between VLAN 1 and the Internet
for related information on these screens.
261, traffic between VLAN 2 and the
Figure 159 on page 261, traffic to or from
ZyWALL USG 2000 User's Guide