Related Documentation
- LN Series
- Understanding Functional Zones
- Example: Creating Security Zones
- Understanding How to Control Inbound Traffic Based on Traffic Types
- SRX Series
- Understanding Functional Zones
- Example: Creating Security Zones
- Understanding How to Control Inbound Traffic Based on Traffic Types
- Additional Information
- Security Zones and Interfaces Feature Guide for Security Devices
Security Zones and Interfaces Overview
Interfaces act as a doorway through which traffic enters and exits a Juniper Networks device. Many interfaces can share exactly the same security requirements; however, different interfaces can also have different security requirements for inbound and outbound data packets. Interfaces with identical security requirements can be grouped together into a single security zone.
A security zone is a collection of one or more network segments requiring the regulation of inbound and outbound traffic through policies.
Security zones are logical entities to which one or more interfaces are bound. With many types of Juniper Networks devices, you can define multiple security zones, the exact number of which you determine based on your network needs.
On a single device, you can configure multiple security zones, dividing the network into segments to which you can apply various security options to satisfy the needs of each segment. At a minimum, you must define two security zones, basically to protect one area of the network from the other. On some security platforms, you can define many security zones, bringing finer granularity to your network security design—and without deploying multiple security appliances to do so.
From the perspective of security policies, traffic enters into one security zone and goes out on another security zone. This combination of a from-zone and a to-zone is defined as a context. Each context contains an ordered list of policies. For more information on policies, see Security Policies Overview.
This topic includes the following sections:
Understanding Security Zone Interfaces
An interface for a security zone can be thought of as a doorway through which TCP/IP traffic can pass between that zone and any other zone.
Through the policies you define, you can permit traffic between zones to flow in one direction or in both. With the routes that you define, you specify the interfaces that traffic from one zone to another must use. Because you can bind multiple interfaces to a zone, the routes you chart are important for directing traffic to the interfaces of your choice.
An interface can be configured with an IPv4 address, IPv6 address, or both.
Related Documentation
- LN Series
- Understanding Functional Zones
- Example: Creating Security Zones
- Understanding How to Control Inbound Traffic Based on Traffic Types
- SRX Series
- Understanding Functional Zones
- Example: Creating Security Zones
- Understanding How to Control Inbound Traffic Based on Traffic Types
- Additional Information
- Security Zones and Interfaces Feature Guide for Security Devices
