• SonicOS 7
• Zones
  • How Zones Work
  • Predefined Zones
  • Security Types
  • Allow Interface Trust
  • Enabling SonicWall Security Services on Zones
  • Effect of Wireless and Non-Wireless Controller Modes
    • Effects of Enabling Non-Wireless Controller Mode
    • Effects of Enabling Wireless Controller Mode
  • Match Objects > Zones
    • The Zone Settings Table
    • Adding a New Zone
    • Configuring a Zone for Guest Access
    • Configuring a Zone for Open Authentication and Social Login
    • Configuring a Zone for Captive Portal Authentication with RADIUS
    • Configuring a Zone for Customized Policy Message
    • Configuring a Zone for Customized Login Page
    • Configuring the WLAN Zone
    • Configuring the RADIUS Server
    • Configuring DPI-SSL Granular Control per Zone
    • Enabling Automatic Redirection to the User-Policy Page
    • Deleting a Zone
• Addresses
  • Types of Address Objects
  • About Address Groups
  • About UUIDs for Address Objects and Groups
  • Addresses Page
    • Common Features
      • Common Functions
      • Common Column Headings
    • Sorting the Entries
  • Default Address Objects and Groups
  • Default Pref64 Address Object
  • Default Rogue Address Groups
  • Adding an Address Object
  • Editing Address Objects
  • Deleting Custom Address Objects
  • Purging MAC or FQDN Address Objects
  • Creating Address Groups
  • Editing Address Groups
  • Deleting Address Groups
  • Working with Dynamic Address Objects
    • Key Features of Dynamic Address Objects
    • Enforcing the Use of Sanctioned Servers on the Network
    • Using MAC and FQDN Dynamic Address Objects
      • Blocking All Protocol Access to a Domain using FQDN DAOs
      • Using an Internal DNS Server for FQDN-based Access Rules
      • Controlling a Dynamic Host’s Network Access by MAC Address
      • Bandwidth Managing Access to an Entire Domain
• Services
  • About Default Service Objects and Groups
  • Predefined IP Protocols for Custom Service Objects
  • Adding Service Objects using Predefined Protocols
  • Adding Custom IP Type Services
    • Configuration Example
  • Editing Custom Service Objects
  • Deleting Custom Service Objects
  • Adding Custom Service Groups
  • Editing Custom Service Groups
  • Deleting Custom Service Groups
• URI Lists
  • About URIs and the URI List
  • About URI List Groups
  • About Keywords and the Keyword List
  • Matching URI List Objects
  • Using URI List Objects
  • Managing URI List Objects
    • About the URI List Objects Table
    • Configuring URI List Objects
    • Exporting a URI List Object
    • Editing a URI List Object
    • Deleting URI List Objects
  • Managing URI List Groups
    • About the URI List Groups Table
    • Adding URI List Groups
    • Editing a URI List Group
    • Deleting URI List Groups
• Match Objects
  • About Match Objects
    • About Regular Expressions
      • Regular Expression Syntax
    • About Negative Matching
  • About Application List Objects
    • About Application Filters
    • About Category Filters
  • Configuring a Match Object
  • Configuring Application List Objects
• Schedules
  • Adding a Custom Schedule
  • Modifying Schedules
  • Deleting Custom Schedules
• Dynamic Group
  • About the Dynamic External Address Group File
  • DEAG and DEAO Maximums
  • High Availability Requirements
  • Adding a Dynamic External Object
  • Editing Dynamic External Objects
  • Deleting Dynamic External Objects
• Email Addresses
  • Configuring Email Address Objects
• SonicWall Support
  • About This Document

Zones

A zone is a logical grouping of one or more interfaces designed to make management, such as the definition and application of Access Rules, a simpler and more intuitive process than following strict physical interface scheme. Zone-based security is a powerful and flexible method of managing both internal and external network segments, allowing the administrator to separate and protect critical internal network resources from unapproved access or attack.

A network security zone is simply a logical method of grouping one or more interfaces with friendly, user-configurable names, and applying security rules as traffic passes from one zone to another zone. Security zones provide an additional, more flexible, layer of security for the firewall. With the zone-based security, the administrator can group similar interfaces and apply the same policies to them, instead of having to write the same policy for each interface. For more information on configuring interfaces, see Network > Interfaces.

SonicOS zones allows you to apply security policies to the inside of the network. This allows you to do this by organizing network resources to different zones, and allowing or restricting traffic between those zones. This way, access to critical internal resources, such as payroll servers or engineering code servers, can be strictly controlled.

Zones also allow full exposure of the NAT table to allow you control over the traffic across the interfaces by controlling the source and destination addresses as traffic crosses from one zone to another. This means that NAT can be applied internally, or across VPN tunnels, which is a feature that users have long requested. Firewalls can also drive VPN traffic through the NAT policy and zone policy, because VPNs are now logically grouped into their own VPN zone.

• How Zones Work
• Predefined Zones
• Security Types
• Allow Interface Trust
• Enabling SonicWall Security Services on Zones