User Guide for SonicWALL 5.8.1

Network > Zones
SonicOS 5.8.1 Administrator Guide
  • Public: A Public security type offers a higher level of trust than an Untrusted zone, but a 
    lower level of trust than a Trusted zone. Public zones can be thought of as being a secure 
    area between the LAN (protected) side of the security appliance and the WAN 
    (unprotected) side. The DMZ, for example, is a Public zone because traffic flows from it to 
    both the LAN and the WAN. By default, traffic from DMZ to LAN is denied, but traffic from 
    LAN to ANY is allowed. This means that traffic flows between the DMZ and the LAN only on 
    connections initiated from the LAN. By default, the DMZ has access only to the WAN, not the LAN.
  • Untrusted: The Untrusted security type represents the lowest level of trust. It is used by 
    both the WAN and the virtual Multicast zone. An Untrusted zone can be thought of as being 
    on the WAN (unprotected) side of the security appliance. By default, traffic from Untrusted 
    zones is not permitted to enter any other zone type without explicit rules, but traffic from 
    every other zone type is permitted to Untrusted zones.
Note
When creating custom zones, the security type can be set to either Trusted, Public, or 
Wireless.
Allow Interface Trust
The Allow Interface Trust setting in the Add Zone window automates the creation of Access 
Rules to allow traffic to flow between the interfaces of a zone instance. For example, if the LAN 
zone has both the LAN and X3 interfaces assigned to it, checking Allow Interface Trust on 
the LAN zone creates the necessary Access Rules to allow hosts on these interfaces to 
communicate with each other.
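
The default behaviour described above for the Trusted, Public and Untrusted security types and for Allow Interface Trust, as an added Python illustration (not SonicOS code and not part of the guide). It generalizes the stated cases into a trust ordering and lists explicit allow rules that override a default deny; the zone table, rule format and function names are hypothetical, and cases this section does not state return "unspecified".

```python
# Added illustration, not SonicOS code: models only the defaults stated in this section.
TRUST_RANK = {"Untrusted": 0, "Public": 1, "Trusted": 2}  # lowest to highest trust

# Constructed sample zones (zone names follow the page; flag values are examples).
ZONES = {
    "LAN": {"type": "Trusted", "interface_trust": True},
    "DMZ": {"type": "Public", "interface_trust": False},
    "WAN": {"type": "Untrusted", "interface_trust": False},
}

def default_action(src, dst, zones=ZONES):
    """Default handling of a connection initiated in zone src toward zone dst."""
    if src == dst:
        # Allow Interface Trust auto-creates the intra-zone allow rules.
        return "allow" if zones[src]["interface_trust"] else "unspecified"
    s = TRUST_RANK[zones[src]["type"]]
    d = TRUST_RANK[zones[dst]["type"]]
    if s > d:
        return "allow"    # e.g. LAN -> ANY, any other zone type -> Untrusted
    if s < d:
        return "deny"     # e.g. DMZ -> LAN, Untrusted -> any other zone type
    return "unspecified"  # equal trust, different zones: not stated in this section

def audit(rules, zones=ZONES):
    """Return explicit allow rules that override a default deny, widest first."""
    findings = [r for r in rules
                if r["action"] == "allow"
                and default_action(r["src"], r["dst"], zones) == "deny"]
    # Rules open to any service are the broadest exceptions; list them first.
    return sorted(findings, key=lambda r: r["service"] != "Any")

# Constructed sample rule set (hypothetical format, not a SonicOS export).
RULES = [
    {"src": "WAN", "dst": "DMZ", "service": "HTTPS", "action": "allow"},
    {"src": "DMZ", "dst": "LAN", "service": "Any", "action": "allow"},
    {"src": "LAN", "dst": "WAN", "service": "Any", "action": "allow"},
    {"src": "WAN", "dst": "LAN", "service": "Any", "action": "deny"},
]

if __name__ == "__main__":
    for r in audit(RULES):
        print(f"review: {r['src']} -> {r['dst']} ({r['service']}) overrides default deny")
```
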
Enabling SonicWALL Security Services on Zones
You can enable SonicWALL Security Services for traffic across zones. For example, you can 
enable SonicWALL Intrusion Prevention Service for incoming and outgoing traffic on the WLAN 
zone to add more security for internal network traffic. You can enable the following SonicWALL 
Security Services on zones:
  • Enforce Content Filtering Service – Enforces content filtering on multiple interfaces in the 
    same Trusted, Public and WLAN zones. After enabling this, select the appropriate CFS 
    Policy in the pulldown menu.
  • Enforce Client AV Enforcement Service – Enforces anti-virus protection on multiple 
    interfaces in the same Trusted, Public or WLAN zones.
  • Enable Gateway Anti-Virus Service – Enforces gateway anti-virus protection on multiple 
    interfaces in the same Trusted, Public or WLAN zones.
  • Enable IPS – Enforces intrusion detection and prevention on multiple interfaces in the 
    same Trusted, Public or WLAN zones.
  • Enable App Control Service – Enforces App Control to create network policy object-based 
    control rules to filter network traffic flows.
  • Enable Anti-Spyware Service – Enforces anti-spyware detection and prevention on 
    multiple interfaces in the same Trusted, Public or WLAN zones.
  • Enforce Global Security Clients – Requires users on this zone to use the Global Security 
    client for desktop security.
  • Create Group VPN – Creates a GroupVPN policy for the zone, which is displayed in the 
    VPN Policies table on the VPN > Settings page. You can customize the GroupVPN policy 
    on the VPN > Settings page. If you uncheck Create Group VPN, the GroupVPN policy is 
    removed from the VPN > Settings page.