About This Document

Over the past decades, network security and policy enforcement have typically been applied to client traffic as it leaves the network. This approach usually relies on macrosegmentation through a firewall that controls traffic between VLANs and toward corporate VPNs or the internet. However, it does not protect against infected clients spreading malware to other devices within the same network or VLAN.

To mitigate these risks, microsegmentation is required to permit or deny traffic between clients within the same VLAN. Traditional approaches have included the use of private VLANs or VXLAN group-based policies. Private VLANs can be complex to manage, and VXLAN group-based policies are only supported in certain EVPN fabric designs. Both approaches also present challenges when integrating Wi-Fi clients.

Zero Trust Inline Segmentation enhances these capabilities by enabling simplified microsegmentation within the same VLAN in a distributed branch environment, addressing the limitations mentioned above. This Network Configuration Example provides an overview of how Zero Trust Inline Segmentation operates, offers integration recommendations, and includes configuration examples for reference.