SonicWALL E6500 Manual De Usuario
Page 42
An Introduction to Zones and Interfaces
An Introduction to Zones and Interfaces
Zones split a network infrastructure into logical areas, each with
its own set of usage rules, security services, and policies. Most
networks include multiple definitions for zones, including those
for trusted, untrusted, public, encrypted, and wireless traffic.
its own set of usage rules, security services, and policies. Most
networks include multiple definitions for zones, including those
for trusted, untrusted, public, encrypted, and wireless traffic.
Some basic (default) zone types include:
WAN - Untrusted resources outside your local network
LAN - Trusted local network resources
WLAN - Local wireless network resources originating from
SonicWALL wireless enabled appliances such as SonicPoints.
SonicWALL wireless enabled appliances such as SonicPoints.
DMZ - Local network assets that must be accessible from the
WAN zone (such as Web and FTP servers)
WAN zone (such as Web and FTP servers)
VPN - Trusted endpoints in an otherwise untrusted zone, such
as the WAN
as the WAN
The security features and settings configured for the zones are
enforced by binding a zone to one or more physical interfaces
(such as, X0, X1, or X2) on the SonicWALL UTM appliance.
enforced by binding a zone to one or more physical interfaces
(such as, X0, X1, or X2) on the SonicWALL UTM appliance.
The X1 and X0 interfaces are preconfigured as WAN and LAN
respectively. The remaining ports can be configured to meet the
needs of your network, either by using basic zone types (WAN,
LAN, WLAN, DMZ, VPN) or configuring a custom zone type to
fit your network requirements (for example: Gaming Console
Zone, Wireless Printer Zone, Wireless Ticket Scanner Zone).
respectively. The remaining ports can be configured to meet the
needs of your network, either by using basic zone types (WAN,
LAN, WLAN, DMZ, VPN) or configuring a custom zone type to
fit your network requirements (for example: Gaming Console
Zone, Wireless Printer Zone, Wireless Ticket Scanner Zone).
Creating Network Access Rules
A Zone is a logical grouping of one or more interfaces designed
to make management, such as the definition and application of
access rules, a simpler and more intuitive process than
following a strict physical interface scheme.
to make management, such as the definition and application of
access rules, a simpler and more intuitive process than
following a strict physical interface scheme.
By default, the SonicWALL security appliance’s stateful packet
inspection allows all communication from the LAN to the
Internet, and blocks all traffic from the Internet to the LAN. The
following behaviors are defined by the “Default” stateful
inspection packet access rule enabled in the SonicWALL
security appliance:
inspection allows all communication from the LAN to the
Internet, and blocks all traffic from the Internet to the LAN. The
following behaviors are defined by the “Default” stateful
inspection packet access rule enabled in the SonicWALL
security appliance:
Originating Zone
Destination Zone
Action
LAN, WLAN
WAN, DMZ
Allow
DMZ
WAN
Allow
WAN
DMZ
Deny
WAN and DMZ
LAN or WLAN
Deny
NSA_E6500_GSG.book Page 42 Wednesday, June 17, 2009 7:16 PM