vGW Series and SRX Series Security Zones


About SRX Series Services Gateway Security Zones

A security zone is a collection of one or more network segments whose inbound and outbound traffic the SRX Series device regulates through security policies.

Security zones are logical entities to which one or more interfaces on the SRX Series device are bound.

On a single SRX Series device, you can configure multiple security zones, dividing the network into segments to which you can apply various security options to satisfy the needs of each segment. You can define many security zones, bringing finer granularity to your physical network security design—and without deploying multiple security appliances to do so.

From the perspective of security policies, traffic enters the device through one security zone and leaves it through another. This combination of a from-zone and a to-zone is called a context. Each context holds an ordered list of policies, which the device evaluates top down; the first policy whose match conditions fit the session decides its fate, and a session that matches no policy in its context is dropped by the default deny policy.
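The following Junos configuration is an added example, not a fragment from the original page or from Juniper's documentation; the zone names (trust, untrust), interface names and policy names are assumptions chosen for illustration. It binds one interface to each of two zones, and the from-zone trust to-zone untrust context carries an ordered list of two policies: the first permits web traffic, the second explicitly denies and logs everything else, so the logged deny makes the context's default behaviour visible rather than silent.

```junos
security {
    zones {
        /* Each zone is a logical entity; interfaces are bound to it here. */
        security-zone trust {
            /* Services addressed to the device itself (management plane) are
               controlled per zone, not by the transit policies below. */
            host-inbound-traffic {
                system-services {
                    ssh;
                    ping;
                }
            }
            interfaces {
                ge-0/0/1.0;
            }
        }
        security-zone untrust {
            interfaces {
                ge-0/0/0.0;
            }
        }
    }
    policies {
        /* One context: traffic that enters via trust and leaves via untrust.
           Policies are evaluated in the order listed; first match wins. */
        from-zone trust to-zone untrust {
            policy allow-web {
                match {
                    source-address any;
                    destination-address any;
                    application [ junos-http junos-https ];
                }
                then {
                    permit;
                }
            }
            policy deny-rest {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    deny;
                    log {
                        session-init;
                    }
                }
            }
        }
        /* Unmatched sessions in any context are dropped (this is the default). */
        default-policy {
            deny-all;
        }
    }
}
```

Two checks a practitioner would run after committing: `show security zones` (operational mode) confirms which interfaces ended up in which zone, and `show security policies from-zone trust to-zone untrust` shows the policies in their evaluation order. Order is what makes the context meaningful: if deny-rest were listed first, allow-web would never be reached, and `insert security policies from-zone trust to-zone untrust policy deny-rest after policy allow-web` in configuration mode is the way to fix such an ordering without deleting policies. Note also that on SRX Series devices traffic between two interfaces in the same zone is not implicitly permitted; it needs its own from-zone trust to-zone trust context and policy.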

SRX Series devices support more than one kind of zone: security zones, which you define and which carry transit traffic subject to policies, and functional zones, such as the management zone, which are reserved for management interfaces and cannot be used in security policies.

SRX Series Services Gateway Zones and the vGW Series

The vGW Series zone synchronization feature provides an automated way to link the vGW Series virtualized security layer with the physical and network security enforced by the SRX Series Services Gateway.

The vGW Series zone feature simplifies VM-to-zone mapping by importing the zones configured on SRX Series devices into the virtualized environment.

You can use these zone assignments to:

The process that the vGW Series undertakes to synchronize SRX Series zones with VMs consists of a number of steps, including defining:

The vGW Series also validates that the Smart Groups dynamically associated with each VM belong to the appropriate zone. This allows the vGW Series both to enforce policy between VMs and to validate that VM placement complies with the SRX Series zone assignments.
