SonicOS 8 TZ Series Getting Started Guide

Default Zones

Each firewall also has a set of Zone defaults:

  • LAN – The default interface is X0.

    Outbound traffic is allowed to any other zone; inbound traffic is allowed from DMZ and VPN.

  • WAN – The default interface is X1.

    Outbound traffic is allowed to this zone from all other zones; inbound traffic is blocked from this zone to all other zones.

  • VPN – There is no default physical interface for VPN.

    Outbound traffic is allowed to any zone except the WLAN; inbound traffic is allowed from the LAN and DMZ only.

  • WLAN – There can be multiple physical interfaces or multiple VLANs and VAPs.

    Outbound traffic is allowed to the WAN only; inbound traffic is allowed from the LAN or DMZ.

  • DMZ – Multiple physical interfaces can be assigned.

    Outbound traffic is allowed to the WAN and VPN for remote access networks only; inbound traffic is allowed from any zone except the WAN (WAN access via access rules).

Default zones include auto-generated firewall rules.

By default, SonicWall does not suppress auto-added access rules, which either restrict or allow access between zones. In environments with multiple zones, this can create a significant number of access rules. For more information, refer to the KB article "Auto-added access rules on the SonicWall can be disabled".
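When many rules accumulate across zones, it helps to check which allow rules open a zone-to-zone path that none of the defaults listed above describe. The following is an added example, not SonicWall code or a SonicOS export format: the rule records are constructed sample data, and it assumes a path counts as default-allowed if either the source zone's outbound statement or the destination zone's inbound statement permits it.

```python
ZONES = {"LAN", "WAN", "VPN", "WLAN", "DMZ"}

# Outbound half of each bullet: source zone -> destination zones allowed.
OUTBOUND = {
    "LAN": ZONES - {"LAN"},           # any other zone
    "WAN": set(),                     # blocked from WAN to all other zones
    "VPN": ZONES - {"VPN", "WLAN"},   # any zone except the WLAN
    "WLAN": {"WAN"},                  # WAN only
    "DMZ": {"WAN", "VPN"},            # WAN and VPN
}
# Inbound half of each bullet: destination zone -> source zones allowed.
INBOUND = {
    "LAN": {"DMZ", "VPN"},
    "WAN": ZONES - {"WAN"},           # allowed to WAN from all other zones
    "VPN": {"LAN", "DMZ"},
    "WLAN": {"LAN", "DMZ"},
    "DMZ": ZONES - {"DMZ", "WAN"},    # any zone except the WAN
}

def default_allows(src, dst):
    # Assumption: either statement on the page is enough to count as default.
    return dst in OUTBOUND[src] or src in INBOUND[dst]

def expand(zone):
    # "Any" is a constructed wildcard that stands for every default zone.
    return sorted(ZONES) if zone == "Any" else [zone]

def audit(rules):
    """Return (rule name, src, dst) for allow rules outside the listed defaults."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue  # deny rules cannot widen access
        for src in expand(rule["from"]):
            for dst in expand(rule["to"]):
                # The page only describes traffic between different zones.
                if src != dst and not default_allows(src, dst):
                    findings.append((rule["name"], src, dst))
    return findings

# Constructed sample rules (hypothetical names and format).
SAMPLE_RULES = [
    {"name": "web-out", "from": "LAN", "to": "WAN", "action": "allow"},
    {"name": "rdp-in", "from": "WAN", "to": "LAN", "action": "allow"},
    {"name": "guest-print", "from": "WLAN", "to": "LAN", "action": "allow"},
    {"name": "vpn-any", "from": "VPN", "to": "Any", "action": "allow"},
    {"name": "block-guest-vpn", "from": "WLAN", "to": "VPN", "action": "deny"},
]
```

Each finding is a path that was opened beyond the listed defaults and should map to a documented business need.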