SonicWALL TZ 190 User Manual

Network > Zones
SonicOS Enhanced 4.0 Administrator Guide
  • Trusted: Trusted is a security type that provides the highest level of trust—meaning that 
    the least amount of scrutiny is applied to traffic coming from trusted zones. Trusted security 
    can be thought of as being on the LAN (protected) side of the security appliance. The LAN 
    zone is always Trusted.
  • Encrypted: Encrypted is a security type used exclusively by the VPN Zone. All traffic to and 
    from an Encrypted zone is encrypted.
  • Wireless: Wireless is a security type applied to the WLAN zone or any zone where the only 
    interface to the network consists of SonicWALL SonicPoint devices. You typically use 
    WiFiSec to secure traffic in a Wireless zone. The Wireless security type is designed 
    specifically for use with SonicPoint devices. Placing an interface in a Wireless Zone 
    activates SDP (SonicWALL Discovery Protocol) and SSPP (SonicWALL Simple 
    Provisioning Protocol) on that interface for automatic discovery and provisioning of 
    SonicPoint devices. Only traffic that passes through a SonicPoint is allowed through a 
    Wireless zone; all other traffic is dropped.
  • Public: A Public security type offers a higher level of trust than an Untrusted zone, but a 
    lower level of trust than a Trusted zone. Public zones can be thought of as being a secure 
    area between the LAN (protected) side of the security appliance and the WAN 
    (unprotected) side. The DMZ, for example, is a Public zone because traffic flows from it to 
    both the LAN and the WAN. By default, traffic from DMZ to LAN is denied, but traffic from 
    LAN to ANY is allowed. This means that traffic passes between the DMZ and the LAN only 
    on connections initiated from the LAN. By default, the DMZ has access only to the WAN, 
    not to the LAN.
  • Untrusted: The Untrusted security type represents the lowest level of trust. It is used by 
    both the WAN and the virtual Multicast zone. An Untrusted zone can be thought of as being 
    on the WAN (unprotected) side of the security appliance. By default, traffic from Untrusted 
    zones is not permitted to enter any other zone type without explicit rules, but traffic from 
    every other zone type is permitted to Untrusted zones.
Allow Interface Trust
The Allow Interface Trust setting in the Add Zone window automates the creation of Access 
Rules to allow traffic to flow between the interfaces of a zone instance. For example, if the LAN 
Zone has both the LAN and OPT interfaces assigned to it, checking Allow Interface Trust on 
the LAN Zone creates the necessary Access Rules to allow hosts on these interfaces to 
communicate with each other.
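
The default inter-zone behaviour described above can be written down as a small lookup and used to review a list of explicit allow rules. This is an added example, not SonicOS code or part of the original guide; the rule dictionaries, tag names and sample rules are constructed, and zone pairs for which this page states no default return None.

```python
# Added example: models the defaults described above; not SonicOS code.
# Zone -> security type, as the page assigns them.
ZONE_TYPE = {"LAN": "Trusted", "DMZ": "Public", "WAN": "Untrusted",
             "VPN": "Encrypted", "WLAN": "Wireless"}


def default_action(src, dst):
    """Default for traffic initiated from src to dst, or None if the page states none."""
    s, d = ZONE_TYPE[src], ZONE_TYPE[dst]
    if s == d:
        return None      # same zone/type: governed by Allow Interface Trust
    if s == "Untrusted":
        return "deny"    # Untrusted may not enter any other zone type
    if d == "Untrusted":
        return "allow"   # every other zone type may reach Untrusted
    if s == "Trusted":
        return "allow"   # LAN to ANY is allowed
    if (s, d) == ("Public", "Trusted"):
        return "deny"    # DMZ to LAN is denied
    return None          # e.g. VPN -> LAN: no default stated on this page


def audit(rules):
    """Flag explicit allow rules that override a default deny or have no stated default."""
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue
        base = default_action(r["src"], r["dst"])
        if base == "deny":
            tag = "overrides-default-deny"
        elif base is None:
            tag = "no-stated-default"
        else:
            continue     # redundant with the default allow
        if r["service"] == "any":
            tag += "+any-service"
        findings.append((r["src"], r["dst"], r["service"], tag))
    return findings


# Constructed rule set in a hypothetical format (not a SonicOS export).
RULES = [
    {"src": "WAN", "dst": "DMZ", "service": "HTTPS", "action": "allow"},
    {"src": "DMZ", "dst": "LAN", "service": "any", "action": "allow"},
    {"src": "LAN", "dst": "WAN", "service": "any", "action": "allow"},
    {"src": "VPN", "dst": "LAN", "service": "RDP", "action": "allow"},
    {"src": "WAN", "dst": "LAN", "service": "any", "action": "deny"},
]
```

Calling audit(RULES) returns the three rules that open a path the defaults would not: the WAN to DMZ and DMZ to LAN allows, and the VPN to LAN allow for which this page gives no default.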
Enabling SonicWALL Security Services on Zones
You can enable SonicWALL Security Services for traffic across zones. For example, you can 
enable SonicWALL Intrusion Prevention Service for incoming and outgoing traffic on the WLAN 
zone to add more security for internal network traffic. You can enable the following SonicWALL 
Security Services on zones:
  • Enforce Content Filtering Service - Enforces content filtering on multiple interfaces in the 
    same Trusted, Public and WLAN zones.
  • Enforce Client Anti-Virus Service - Enforces anti-virus protection on multiple interfaces 
    in the same Trusted, Public or WLAN zones.
  • Enable Gateway Anti-Virus - Enforces gateway anti-virus protection on multiple interfaces 
    in the same Trusted, Public or WLAN zones.
  • Enable IPS - Enforces intrusion detection and prevention on multiple interfaces in the same 
    Trusted, Public or WLAN zones.