Project

General

Profile

Actions

Feature #4165

closed

Allow for security zones when defining interfaces and firewall rules.

Added by Ryan H almost 10 years ago. Updated 8 months ago.

Status:
Rejected
Priority:
Low
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
12/31/2014
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

I have experience using CheckPoint and PaloAlto appliances with "zone" features. This allows you to group networks\interfaces into security zones. These zones can be trusted, untrusted, vpn, etc... Instead of needing to block all additional trusted zones from your DMZ network when your intent is to allow traffic to the internet only, you can set the destination zone in the rule to "external" or "untrusted" resulting in the same policy but with a single rule. This makes policy creation and management much simpler while ensuring tight security and intended behavior. I know pfSense allows you to group interfaces and manage them in one common rule set, but the idea of zones is different and quickly being adopted across the industry. It closes up leaks that are commonly overlooked.


Files

sonicwallsetup2-1.png (36.2 KB) sonicwallsetup2-1.png Durwin Babb, 11/02/2023 06:08 PM
090210531592025.png (108 KB) 090210531592025.png Durwin Babb, 11/02/2023 06:12 PM
Actions

Also available in: Atom PDF