Sonic OS 2.x Quick Start Guide

Basic WAN & LAN Configuration

Refer to the Sonicwall Quick Start Guide included on the product CD.

Security Zones and Objects

SonicOS 2.x Enhanced firmware introduces several new concepts. This section covers Security
Zones and Objects. When configuring the new products, define your Security Zones early in the
setup process, because your access rules, NAT entries, and address objects are all expressed in
terms of zones and are easier to work with once the zones exist.

Security Zones - Overview

Sonicwall’s fourth generation appliances extend the previous architecture beyond the LAN, WAN,
and DMZ. The new products, when loaded with the Enhanced firmware, have six user-definable
interfaces. The first two interfaces (X0 and X1) are fixed interfaces, permanently bound to the LAN
and WAN zones, respectively. The remaining four interfaces, X2-X5, can be configured and bound
to any Zone.

The multiple interfaces let you segment the network into a more manageable, more secure
infrastructure, and they let you group several physical segments together. This grouping of
multiple segments, or interfaces, into one logical unit is called a Security Zone. A Security Zone
can be given a user-friendly name, and security rules written against the Zone apply to every
segment in it, without addressing each physical interface individually. For example, suppose two
interfaces (X1 and X2) are used for WAN load-balancing and failover. If both are placed in the WAN
Zone, only one set of firewall rules is needed, and it applies regardless of which interface is
active. This greatly simplifies the firewall rule base. The pre-defined Security Zones cannot be
modified and are defined as follows:

WAN – This Zone can consist of either one or two interfaces. If you use the WAN-WAN
capability, add the second Internet interface to the WAN Zone.

LAN – This Zone can consist of one to five interfaces, depending on your network design.
Even though each interface has a different network subnet attached to it, when grouped
together they can be managed as a single entity.

DMZ – This is the Demilitarized Zone you are probably familiar with from the existing
Sonicwall product line. This Zone is normally used for publicly accessible servers.
This Zone can consist of one to four interfaces, depending on your network design.

VPN – This predefined Zone is used to simplify secure, remote connectivity. It is the
only Zone that does not have an assigned physical interface.

NOTE – Even though you may group interfaces together into one Security Zone, this does not
preclude you from addressing a single interface within the Zone.
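To make the zone-to-interface model concrete, the following is an added example written for this page; it is not SonicOS code and does not reproduce SonicOS configuration syntax. It is a small Python model that binds interfaces X0 to X5 to zones under the constraints stated above (X0 fixed to LAN, X1 fixed to WAN, at most two WAN, five LAN and four DMZ interfaces, no interface in VPN) and then evaluates zone-to-zone rules for sample traffic. The class and function names, the subnets and the rules are hypothetical, and the egress lookup (directly attached subnet, otherwise the first WAN interface) is a stand-in for routing, not how the appliance routes. The run shows that a single WAN-to-DMZ rule matches traffic arriving on either X1 or X2, that traffic with no matching rule is dropped, and that a DMZ-to-LAN rule can still be scoped to the X4 segment alone, as the note above says.

```python
# Added example (not SonicOS code): a toy model of the zone concept described
# in the guide. Interface names and zone limits follow the guide's text; the
# Python API, subnets, rules and egress lookup below are hypothetical.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERFACES = ("X0", "X1", "X2", "X3", "X4", "X5")
FIXED_BINDING = {"X0": "LAN", "X1": "WAN"}          # permanent, per the guide
ZONE_MAX_INTERFACES = {"WAN": 2, "LAN": 5, "DMZ": 4, "VPN": 0}


class ZoneTable:
    """Interface -> zone bindings, plus the subnet attached to each interface."""

    def __init__(self):
        self.zone_of = dict(FIXED_BINDING)   # X0/X1 are bound before any config
        self.subnet_of = {}

    def bind(self, iface, zone, subnet):
        if iface not in INTERFACES:
            raise ValueError(f"unknown interface {iface}")
        if zone not in ZONE_MAX_INTERFACES:
            raise ValueError(f"unknown zone {zone}")
        if FIXED_BINDING.get(iface, zone) != zone:
            raise ValueError(f"{iface} is permanently bound to {FIXED_BINDING[iface]}")
        members = {i for i, z in self.zone_of.items() if z == zone} | {iface}
        if len(members) > ZONE_MAX_INTERFACES[zone]:
            raise ValueError(f"{zone} zone cannot hold {len(members)} interface(s)")
        self.zone_of[iface] = zone
        self.subnet_of[iface] = ip_network(subnet)

    def egress_iface(self, dst):
        """A directly attached subnet wins; anything else leaves via the first
        WAN interface (a stand-in for the default route, not real routing)."""
        addr = ip_address(dst)
        for iface, net in self.subnet_of.items():
            if addr in net:
                return iface
        return next(i for i in INTERFACES if self.zone_of.get(i) == "WAN")


@dataclass(frozen=True)
class Rule:
    from_zone: str
    to_zone: str
    action: str                  # "allow" or "deny"
    dst: Optional[str] = None    # optional address object (a network); None = any


def evaluate(zt, rules, in_iface, dst):
    """First matching zone-to-zone rule wins; no match means implicit deny.
    Returns (action, egress interface) so the zone lookup stays visible."""
    from_zone = zt.zone_of[in_iface]
    out_iface = zt.egress_iface(dst)
    to_zone = zt.zone_of[out_iface]
    for r in rules:
        if (r.from_zone, r.to_zone) != (from_zone, to_zone):
            continue
        if r.dst is None or ip_address(dst) in ip_network(r.dst):
            return r.action, out_iface
    return "deny", out_iface


def try_bind(zt, iface, zone, subnet):
    """Return the rejection message for an illegal binding, or None if accepted."""
    try:
        zt.bind(iface, zone, subnet)
    except ValueError as e:
        return str(e)
    return None


def build_demo():
    """Constructed topology: two WAN uplinks (X1, X2), two LAN segments (X0, X4),
    one DMZ segment (X3). All addresses are documentation/test ranges."""
    zt = ZoneTable()
    zt.bind("X0", "LAN", "10.0.0.0/24")
    zt.bind("X1", "WAN", "203.0.113.0/29")
    zt.bind("X2", "WAN", "198.51.100.0/29")      # second uplink, same zone
    zt.bind("X3", "DMZ", "192.0.2.0/24")
    zt.bind("X4", "LAN", "10.0.1.0/24")
    rules = [
        Rule("WAN", "DMZ", "allow", dst="192.0.2.10/32"),  # public server only
        Rule("LAN", "WAN", "allow"),                        # any LAN segment out
        Rule("DMZ", "LAN", "allow", dst="10.0.1.0/24"),     # DMZ may reach X4 only
    ]
    return zt, rules


if __name__ == "__main__":
    zt, rules = build_demo()
    for in_iface, dst in [("X1", "192.0.2.10"), ("X2", "192.0.2.10"),
                          ("X1", "10.0.0.5"), ("X0", "198.18.0.1"),
                          ("X3", "10.0.1.20"), ("X3", "10.0.0.20")]:
        print(in_iface, "->", dst, evaluate(zt, rules, in_iface, dst))
    print(try_bind(zt, "X0", "WAN", "10.9.9.0/24"))   # X0 is fixed to LAN
    print(try_bind(zt, "X5", "WAN", "10.9.9.0/24"))   # third WAN interface
    print(try_bind(zt, "X5", "VPN", "10.9.9.0/24"))   # VPN has no interface
```

Two design points worth noting. Policy is matched on (ingress zone, egress zone) rather than on interface names, which is exactly why the WAN-to-DMZ rule needs no change when traffic shifts from X1 to X2. Narrowing a rule to one interface is done through the destination address object (here the X4 subnet) rather than by naming the interface, which keeps the rule base zone-oriented while still honouring the note above.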
