Feature #4165

Allow for security zones when defining interfaces and firewall rules.

Added by Ryan Haraschak over 4 years ago. Updated over 3 years ago.

Status: New
Priority: Low
Assignee: -
Category: Rules/NAT
Target version: -
Start date: 12/31/2014
Due date:
% Done: 0%
Estimated time:

Description

I have experience using Check Point and Palo Alto appliances with "zone" features. This allows you to group networks/interfaces into security zones. These zones can be trusted, untrusted, VPN, etc. Instead of needing to block all additional trusted zones from your DMZ network when your intent is to allow traffic to the internet only, you can set the destination zone in the rule to "external" or "untrusted", resulting in the same policy but with a single rule. This makes policy creation and management much simpler while ensuring tight security and intended behavior. I know pfSense allows you to group interfaces and manage them in one common rule set, but the idea of zones is different and quickly being adopted across the industry. It closes up leaks that are commonly overlooked.
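The difference described in the request above, as an added example that is not part of the original ticket and is not pfSense code: a simplified first-match rule evaluator that compares a per-network DMZ policy with a zone-based one. The topology, addresses, rule format and function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample topology: name -> (CIDR, zone). All names are hypothetical.
NETWORKS = {
    "LAN": ("192.168.1.0/24", "trusted"),
    "VPN": ("10.8.0.0/24", "vpn"),
    "DMZ": ("172.16.0.0/24", "dmz"),
}

def zone_of(ip, networks):
    """Zone of an address; anything not on a known network is 'untrusted'."""
    addr = ipaddress.ip_address(ip)
    for cidr, zone in networks.values():
        if addr in ipaddress.ip_network(cidr):
            return zone
    return "untrusted"

def matches(selector, ip, networks):
    """Match an address against an ('any' | 'zone' | 'net', value) selector."""
    kind, value = selector
    if kind == "any":
        return True
    if kind == "zone":
        return zone_of(ip, networks) == value
    # kind == "net": match on the CIDR of a named network
    return ipaddress.ip_address(ip) in ipaddress.ip_network(networks[value][0])

def evaluate(rules, src, dst, networks):
    """First-match evaluation with an implicit default deny."""
    for action, src_sel, dst_sel in rules:
        if matches(src_sel, src, networks) and matches(dst_sel, dst, networks):
            return action
    return "block"

# Per-network policy: each internal network is blocked by hand before the pass.
PER_NETWORK_RULES = [
    ("block", ("net", "DMZ"), ("net", "LAN")),
    ("block", ("net", "DMZ"), ("net", "VPN")),
    ("pass", ("net", "DMZ"), ("any", None)),
]
# Zone policy: one rule states the intent; the rest falls to the default deny.
ZONE_RULES = [("pass", ("zone", "dmz"), ("zone", "untrusted"))]

def add_network(networks, name, cidr, zone):
    """Copy of the topology with one more network; the rules stay unchanged."""
    return {**networks, name: (cidr, zone)}
```

Adding a second trusted network with `add_network` and re-running `evaluate` without touching either rule set shows the gap: the per-network policy passes DMZ traffic to the new network, while the zone policy still blocks it.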

History

#1 Updated by Chris Buechler over 3 years ago

  • Category set to Rules/NAT
