SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE
Network > Zones
• DMZ: This zone is normally used for publicly accessible servers. This zone can consist of one to
four interfaces, depending on your network design.
• VPN: This virtual zone is used for simplifying secure, remote connectivity. It is the only zone that
does not have an assigned physical interface.
• WLAN: This zone provides support to SonicWALL SonicPoints.
• MULTICAST: This zone provides support for IP multicasting, which is a method for sending IP
packets from a single source simultaneously to multiple hosts.
Note: Even though you may group interfaces together into one security zone, this does not preclude
you from addressing a single interface within the Zone.
Security Types
Each zone has a security type. The security type defines the level of trust given to that zone. There are five
security types:
• Trusted: Trusted is a security type that provides the highest level of trust--meaning that the least
amount of scrutiny is applied to traffic coming from trusted zones. Trusted security can be thought
of as being on the LAN (protected) side of the security appliance. The LAN zone is always Trusted.
• Encrypted: Encrypted is a security type used exclusively by the VPN Zone. All traffic to and from
an Encrypted zone is encrypted.
• Wireless: Wireless is a security type applied to the WLAN zone or any zone where the only
interface to the network consists of SonicWALL SonicPoint devices. You typically use WiFiSec to
secure traffic in a Wireless zone. The Wireless security type is designed specifically for use with
SonicPoint devices. Placing an interface in a Wireless Zone activates SDP (SonicWALL Discovery
Protocol) and SSPP (SonicWALL Simple Provisioning Protocol) on that interface for automatic
discovery and provisioning of SonicPoint devices. Only traffic that passes through a SonicPoint is
allowed through a Wireless zone; all other traffic is dropped.
• Public: A Public security type offers a higher level of trust than an Untrusted zone, but a lower
level of trust than a Trusted zone. Public zones can be thought of as being a secure area between
the LAN (protected) side of the security appliance and the WAN (unprotected) side. The DMZ, for
example, is a Public zone because traffic flows from it to both the LAN and the WAN, but it will only
have default access to the WAN, not the LAN.
• Untrusted: The Untrusted security type represents the lowest level of trust. It is used by both the
WAN and the virtual Multicast zone. An Untrusted zone can be thought of as being on the WAN
(unprotected) side of the security appliance. By default, traffic from Untrusted zones is not
permitted to enter any other zone type without explicit rules, but traffic from every other zone type
is permitted to Untrusted zones.
Allow Interface Trust
The Allow Interface Trust setting in the Add Zone window automates the creation of Access Rules
to allow traffic to flow between the Interfaces of a zone instance. For example, if the LAN Zone has
interfaces X0, X3, and X5 assigned to it, checking Allow Interface Trust on the LAN Zone creates
the necessary Access Rules to allow hosts on these Interfaces to communicate with each other.
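The default trust behaviour and the Allow Interface Trust setting described above can be modelled for a rule review. The following is an added example, not code from SonicWALL or from this guide: the rule format, function names and sample rules are constructed, and only the defaults stated in the text are encoded (anything else returns None).

```python
from itertools import permutations

# Security type of each zone, as stated in the guide text above.
ZONE_TYPE = {"LAN": "Trusted", "VPN": "Encrypted", "WLAN": "Wireless",
             "DMZ": "Public", "WAN": "Untrusted", "MULTICAST": "Untrusted"}

def default_allowed(src_zone, dst_zone):
    """Default decision between two zones; None where the guide text is silent."""
    src, dst = ZONE_TYPE[src_zone], ZONE_TYPE[dst_zone]
    if src == "Untrusted" and dst != "Untrusted":
        return False  # Untrusted may not enter another zone type without a rule
    if src != "Untrusted" and dst == "Untrusted":
        return True   # every other zone type is permitted to Untrusted zones
    if src == "Public" and dst == "Trusted":
        return False  # the DMZ has default access to the WAN, not the LAN
    return None

def interface_trust_pairs(interfaces):
    """Ordered (source, destination) interface pairs whose hosts can reach each
    other once Allow Interface Trust is checked. Assumption: this models the
    traffic paths opened, not how the appliance stores the Access Rules."""
    return list(permutations(interfaces, 2))

def audit(rules):
    """Return the allow rules that override a default deny, for manual review."""
    return [r for r in rules
            if r["action"] == "allow"
            and default_allowed(r["src"], r["dst"]) is False]

# Constructed sample rule set in a hypothetical format (not a SonicOS export).
SAMPLE_RULES = [
    {"src": "WAN", "dst": "DMZ", "service": "HTTPS", "action": "allow"},
    {"src": "WAN", "dst": "LAN", "service": "RDP", "action": "allow"},
    {"src": "DMZ", "dst": "WAN", "service": "Any", "action": "allow"},
    {"src": "DMZ", "dst": "LAN", "service": "SQL", "action": "allow"},
    {"src": "LAN", "dst": "WAN", "service": "Any", "action": "allow"},
]

if __name__ == "__main__":
    for r in audit(SAMPLE_RULES):
        print(f"review: {r['src']} -> {r['dst']} ({r['service']}) "
              "overrides a default deny")
    for a, b in interface_trust_pairs(["X0", "X3", "X5"]):
        print(f"interface trust opens: {a} -> {b}")
```

Each flagged rule is an explicit exception to a default deny, so it should map to a documented business need such as a published DMZ server.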
Enabling SonicWALL Security Services on Zones
You can enable SonicWALL Security Services for traffic across zones. For example, you can enable
SonicWALL Intrusion Prevention Service for incoming and outgoing traffic on the WLAN zone to add
more security for internal network traffic. You can enable the following SonicWALL Security Services
on zones: