SonicOS 8 TZ Series Getting Started Guide

Using Zones

Firewall security zones add an extra, flexible layer of security. With zone-based security, administrators can group similar interfaces and apply the same policies to them rather than writing separate policies for each interface.

SonicOS zones allow the application of security policies to the internal network, enabling administrators to organize network resources into different zones and control traffic between them.
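The grouping described above can be sketched as a small model. This is an added example, not SonicOS configuration syntax or SonicWall code; the interface names, the rule set, and the default action for zone pairs without a rule are assumptions made for illustration.

```python
from itertools import permutations

# Constructed interface-to-zone mapping (interface names are hypothetical).
INTERFACE_ZONE = {
    "X0": "LAN", "X2": "LAN", "X3": "LAN",
    "X1": "WAN",
    "X4": "DMZ", "X5": "DMZ",
}

# Constructed zone-pair rules: (source zone, destination zone) -> action.
ZONE_RULES = {
    ("LAN", "WAN"): "allow",
    ("LAN", "DMZ"): "allow",
    ("DMZ", "WAN"): "allow",
    ("WAN", "DMZ"): "allow",
}


def decide(src_if, dst_if, default="deny"):
    """Resolve both interfaces to their zones, then look up the zone-pair rule.

    The fallback action is an assumption of this model, not documented
    SonicOS behaviour.
    """
    src_zone = INTERFACE_ZONE[src_if]
    dst_zone = INTERFACE_ZONE[dst_if]
    return ZONE_RULES.get((src_zone, dst_zone), default)


def expand_to_interface_rules():
    """List the per-interface rules that the zone rules stand in for."""
    rules = {}
    for src_if, dst_if in permutations(INTERFACE_ZONE, 2):
        key = (INTERFACE_ZONE[src_if], INTERFACE_ZONE[dst_if])
        if key in ZONE_RULES:
            rules[(src_if, dst_if)] = ZONE_RULES[key]
    return rules


def unreviewed_zone_pairs():
    """Zone pairs with no explicit rule, decided only by the fallback action."""
    zones = sorted(set(INTERFACE_ZONE.values()))
    return [(s, d) for s, d in permutations(zones, 2) if (s, d) not in ZONE_RULES]


if __name__ == "__main__":
    print(len(ZONE_RULES), "zone rules cover",
          len(expand_to_interface_rules()), "interface pairs")
    print("No explicit rule for:", unreviewed_zone_pairs())
```

Listing the zone pairs that have no explicit rule is a quick review step: those are the paths whose handling depends entirely on the fallback action.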

Zones enable full exposure of the NAT table, allowing administrators to control traffic across interfaces by managing the source and destination addresses as traffic moves from one zone to another. This means that NAT can be applied internally or across VPN tunnels. Security appliances can also direct VPN traffic through the NAT policy and zone policy, as VPNs are logically grouped into their own VPN zone.

The security appliance has 7 predefined security zones that cannot be modified. The specific predefined zones depend on the device.

  • LAN: This zone is normally used for trusted devices.
  • WAN: This zone is normally used for the internet connection or external connections.
  • DMZ: This zone is normally used for publicly accessible servers.
  • VPN: The VPN zone does not have an assigned physical interface. It is used to apply a security policy to VPN traffic.
  • SSLVPN: This virtual zone is used for providing secure remote access using the SSL VPN NetExtender feature. All traffic from SSL VPN clients is treated as being sourced from the SSLVPN zone, which seamlessly integrates UTM security features for SSL VPN traffic.
  • MULTICAST: This zone provides support for IP multicasting.
  • WLAN: This Wireless LAN zone provides support for managing SonicWall wireless configuration through the firewall.

Each firewall also has a set of Zone defaults. See Default Zones.