Cisco ISA570W Integrated Security Appliance Quick Setup Guide
© 2012 Cisco Systems, Inc. All rights reserved.
Page 2 of 27
Predefined Zones
The default behaviors for all predefined zones and new zones are determined by their security levels. Table 2 lists the predefined zones that the ISA500 supports. The default behavior is as follows:
• Traffic from a higher security zone to a lower security zone is permitted.
• Traffic from a lower security zone to a higher security zone is blocked.
• Traffic between zones with the same security level is blocked.
For example, all traffic from the LAN (trusted zone) to the WAN (untrusted zone) is permitted, and traffic from the WAN (untrusted zone) to the DMZ (public zone) is blocked.
If you create a new trusted zone such as a data zone, firewall rules are automatically generated to permit or block traffic from the data zone to other zones or vice versa. This permit or block action is determined by the security levels.
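The three default rules above, and the rules the appliance generates when a new zone is added, can be modelled as a comparison of security levels. The following is an added example written for this page, not code from Cisco or from the ISA500 firmware; the numeric levels (trusted 100, public 50, untrusted 0), the `DATA` zone and the helper names are assumptions used only to make the ordering explicit.

```python
"""Model of the ISA500 default inter-zone policy derived from security levels.

Added example, not Cisco's own code. The numeric values assigned to the
levels are an assumption; the guide only states the ordering
trusted > public > untrusted and the three default rules.
"""
from enum import IntEnum
from typing import Dict, List, Optional, Tuple


class SecurityLevel(IntEnum):
    # Assumed numeric ordering (any strictly increasing values would do).
    UNTRUSTED = 0
    PUBLIC = 50
    TRUSTED = 100


# Predefined zones whose security level the guide states explicitly.
# Virtual (SSLVPN, VPN) and GUEST zones are omitted because the guide
# does not give them a level in this section.
ZONES: Dict[str, SecurityLevel] = {
    "WAN": SecurityLevel.UNTRUSTED,
    "DMZ": SecurityLevel.PUBLIC,
    "LAN": SecurityLevel.TRUSTED,
    "VOICE": SecurityLevel.TRUSTED,
}


def default_action(src: str, dst: str,
                   zones: Optional[Dict[str, SecurityLevel]] = None) -> str:
    """Return 'permit' or 'block' for traffic from src zone to dst zone.

    Higher -> lower security: permit.
    Lower -> higher and same level: block.
    """
    table = ZONES if zones is None else zones
    if table[src] > table[dst]:
        return "permit"
    return "block"


def generate_default_rules(new_zone: str, level: SecurityLevel,
                           zones: Optional[Dict[str, SecurityLevel]] = None
                           ) -> List[Tuple[str, str, str]]:
    """Rules implied when a new zone is created: one rule per direction
    between the new zone and every existing zone, as (src, dst, action)."""
    table = dict(ZONES if zones is None else zones)
    table[new_zone] = level
    rules: List[Tuple[str, str, str]] = []
    for other in table:
        if other == new_zone:
            continue
        rules.append((new_zone, other, default_action(new_zone, other, table)))
        rules.append((other, new_zone, default_action(other, new_zone, table)))
    return rules


def policy_matrix(zones: Optional[Dict[str, SecurityLevel]] = None
                  ) -> Dict[Tuple[str, str], str]:
    """Full default src->dst matrix, handy for reviewing what the defaults
    allow before any explicit rules are written."""
    table = ZONES if zones is None else zones
    return {(s, d): default_action(s, d, table)
            for s in table for d in table if s != d}


if __name__ == "__main__":
    # Hypothetical new trusted "DATA" zone, as in the guide's example.
    for src, dst, action in generate_default_rules("DATA", SecurityLevel.TRUSTED):
        print(f"{src:>5} -> {dst:<5} {action}")
```

Note that the same-level rule means a new trusted `DATA` zone does not talk to `LAN` by default; an explicit rule is needed for that, which is exactly the kind of change a reviewer should expect to see justified.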
Table 2. Predefined Zones

| Zone | Description |
|---|---|
| WAN | Untrusted zone. By default, the WAN port is mapped to the WAN zone and can only be mapped to an untrusted zone. |
| LAN | Trusted zone. You can map one or multiple VLANs to a trusted zone. By default, the DEFAULT VLAN is mapped to the LAN zone. |
| DMZ | Public zone. Zone used for the public servers that you host in the DMZ networks. |
| SSLVPN | Virtual zone. Zone used for simplifying secure and remote SSL VPN connections. The SSLVPN zone does not have an assigned physical port. |
| VPN | Virtual zone. Zone used for simplifying secure IPsec VPN connections. The VPN zone does not have an assigned physical port. |
| GUEST | Guest zone. Only used for guest access. By default, the GUEST VLAN is mapped to this zone. |
| VOICE | Trusted zone. Security zone designed for voice traffic. Incoming and outgoing traffic from this zone is optimized for voice operations. If you have voice devices, such as a Cisco IP Phone, we recommend that you place devices into the VOICE zone. |