Configuring Zones and Zone Properties in ScreenOS Devices Overview
The Zone screen is where you can configure predefined zones or create user-defined security zones. You can also create a tunnel zone, which is a logical segment to which a VPN tunnel interface is bound.
A security device supports two types of zones:
- Security zone—A Layer 3 security zone binds to NAT or Route mode interfaces; a Layer 2 security zone binds to Transparent mode interfaces.

Note: When you add a device and configure it to operate in Transparent mode, the L2 zone names appear in the NSM UI without the “V1-” prefix. When you update the configuration on the device from the UI, the correct L2 zone names are configured.
- Tunnel zone—A zone that binds to a carrier zone.
To add a zone to a security device, in the device navigation tree, select Network > Zone and add the desired zone. For security zones, you might define the name of the zone and the virtual router in which you want to place the zone; for tunnel zones, you must also specify the carrier zone, which is the security zone with which the tunnel zone is logically associated. A carrier zone provides firewall protection to the encapsulated traffic.
For more information about zones on security devices, refer to the Concepts & Examples ScreenOS Reference Guide: Fundamentals.
You can configure general properties and SCREEN attack protection for predefined or custom Security Zones.
Zone General Properties
For predefined zones, some general properties are already configured for you, such as the Name and Virtual Router settings. For custom security zones, you can enter a name and select the virtual router that handles traffic to and from the new zone.
For both predefined and custom zones, you can configure the settings as described in Table 1.
Table 1: Zone General Properties

