Configuring Zones

A Zone is a logical grouping of one or more interfaces designed to make management, such as the definition and application of Access Rules, a simpler and more intuitive process than following a strict physical interface scheme. There are four fixed Zone types: Trusted, Untrusted, Public, and Encrypted. Trusted is associated with LAN Zones. These fixed Zone types cannot be modified or deleted. A Zone instance is created from a Zone type and named accordingly, such as Sales, Finance, and so on.

Only the number of interfaces limits the number of Zone instances for Trusted and Untrusted Zone types. The Untrusted Zone type (such as the WAN) is restricted to two Zone instances. The Encrypted Zone type is a special system Zone comprising all VPN traffic and does not have any associated interfaces.

Trusted and Public Zone types offer an option, Interface Trust, to automate the creation of Access Rules to allow traffic to flow between the Interfaces of a Zone instance. For example, if the LAN Zone has interfaces X0, X3, and X5 assigned to it, checking Allow Interface Trust on the LAN Zone creates the necessary Access Rules to allow hosts on these Interfaces to communicate with each other.

To add or edit a Zone, complete the following steps:

1	Select the global icon, a group, or a SonicWALL appliance.

2	Expand the Network tree and click Zones. The Zones page displays.

 

3	Click the Edit Icon () for a Zone or click Add New Zone.

The Edit Zone or Add Zone dialog box displays.

 

4	If this is a new Zone, enter a name for the Zone.

5	Select the Security Type.

6	To configure the SonicWALL appliance to automatically create the rules that allow data to freely flow between interfaces in the same Zone, select Allow Interface Trust.

7	To enforce content filtering on multiple interfaces in the same Trusted or Public Zones, select Enforce Content Filtering Service.

8

For appliances running SonicOS Enhanced 4.0 or above, if the selected node is a group or global node, or if the selected appliance is licensed for SonicWALL CFS Premium, select a predefined CFS policy or the default policy from the CFS Policy pull-down list. The pull-down list is only populated if Enforce Content Filtering Service is enabled. It is not available for the WAN zone.

9	To enforce network anti-virus protection on multiple interfaces in the same Trusted or Public Zones, select Enforce Network Anti-Virus Service.

10	To enforce gateway anti-virus protection on multiple interfaces in the same Trusted or Public Zones, select Enable Gateway Anti-Virus Service.

11	To enforce Intrusion Prevention Services (IPS) on multiple interfaces in the same Trusted or Public Zones, select Enable IPS.

12	To enable Anti-Spyware on the zone, select Enable Anti-Spyware Service.

13	To enforce security policies for Global Security Clients on multiple interfaces in the same Trusted or Public Zones, select Enforce Global Security Clients.

14	To automatically create a GroupVPN policy for this zone, select Create Group VPN.

15	For appliances running SonicOS Enhanced 4.0 or above, select Enable SSL Control to allow SSL Control in this zone. This check box is not active for the VPN or Multicast zones.

16	For WLAN zones, see for information about configuring settings on the other tabs. For all other zones, click Update when you are finished. The Zone is modified or added for selected SonicWALL appliance. To clear all settings and start over, click Reset.

Configuring Guest Services on Non-Wireless Zones

Trusted and Public Zone types offer the ability to configure guest services.

To configure Guest Services on a non-wireless zone, complete the following steps:

1	When the Security Type for a zone is selected as either Trusted or Public, the Guest Services tab displays.

 

2	Select Enable Guest Services.

3	Configure any of the following options:

– Enforce Guest Login over HTTPS—Requires guests to use HTTPS instead of HTTP to access the guest services.

– Enable inter-guest communication—Allows guests connecting to SonicPoints in this Zone to communicate directly and wirelessly with each other.

– Bypass AV Check for Guests—Allows guest traffic to bypass Anti-Virus protection.

– Enable External Guest Authentication—Requires guests connecting from the device or network you select to authenticate before gaining access. This feature, based on Lightweight Hotspot Messaging (LHM) is used for authenticating Hotspot users and providing them parametrically bound network access.

NOTE: Refer to the SonicWALL Lightweight Hotspot Messaging tech note available at the SonicWALL documentation Web site https://support.software.dell.com/download/downloads?id=5447759 for complete configuration of the Enable External Guest Authentication feature.

– Custom Authentication Page—Redirects you to a custom authentication page when you first connect to the zone. Click Configure to set up the custom authentication page. Enter either a URL to an authentication page or a custom challenge statement in the text field, and click OK.

– Post Authentication Page—Directs you to the page you specify immediately after successful authentication. Enter a URL for the post-authentication page in the field.

– Bypass Guest Authentication—Allows the appliance to integrate into environments already using some form of user-level authentication. This feature automates the Guest Services authentication process, allowing you to reach Guest Services resources without requiring authentication. This feature should only be used when unrestricted Guest Services access is desired, or when another device upstream of the appliance is enforcing authentication.

– Redirect SMTP traffic to—Redirects SMTP traffic incoming on this zone to an SMTP server you specify. Select the address object from which to redirect traffic.

– Deny Networks—Blocks traffic from the networks you name. Select the subnet, address group, or IP address from which to block traffic.

– Pass Networks—Automatically allows traffic through the zone from the networks you select.

– Max Guests—Specifies the maximum number of guest users allowed to connect to the zone. The default is 10.

4	Click OK to apply these settings to the zone.