Network Zones
Network security zones offer a structured method for network segmentation (both physical and virtual) on the firewall. They streamline the control and logging of traffic traversing specific network interfaces. The setup of CyberEdge networking and security relies on network zones. In the firewall's policy rules, network security zones are crucial for identifying traffic sources and destinations. While communication within a single zone is permitted, interactions between different network zones require explicit security Access Policies for each zone pair. Within CyberEdge, all network connections are categorized into network zones.
Network Zone Configuration
The CyberEdge is pre-configured with 4 default network zones that provide a solid foundation for your network configuration. The default network zones are:
- Internet Zone: Designated for network connections commonly associated with WAN/Internet connections, the Internet zone is intended for configuring services typically provided by your ISP. Network connections configured within the Internet Zone are accessible to CyberEdge for both WAN load balancing and failover purposes.
- Local Zone: The Local Zone designates a network segment (LAN) that typically includes devices and resources situated in a specific location. It is distinguished by localized connectivity and facilitates network access for devices such as computers, printers, and servers. For security Access Policies to take effect, traffic must traverse different zones. See network connections for more information on adding configured networks to network zones.
- DMZ: A DMZ is a network segment intentionally placed between an organization's internal network and an external network, often the internet. The core purpose of a DMZ is to enhance security by isolating public-facing services from the internal network. By default, routing and firewall policies are enabled for traffic from this network zone.
- Management Zone: The Management Zone functions as a dedicated network segment for providing system administration access to CyberEdge. It also plays a crucial role in High Availability (HA) Cluster communication, including the replication of connection state.
Additional custom network zones can be established by network administrators as needed. Custom zones are commonly employed in larger networks that require increased segmentation. Each zone holds its own networks, and each zone pair has its own Access Policy configuration.
To view a list of your network zones go to Networking > Zones.
Note
- The default zones on the CyberEdge cannot be deleted
- When creating a new custom zone, security Access Policies can be cloned from an existing zone pair to avoid significant rework of your security policies
Management Zone
The management zone governs network administrator access for CyberEdge management and enables network connectivity between two CyberEdge devices deployed in a High Availability (HA) cluster. Users do not have the ability to configure this zone.
Create a Network Zone
If your network requires additional segmentation, you may create additional network zones. To create a new network zone, navigate to:
- Networks > Zones > Add
- Add the following configuration details:
- Name: The name of the zone. This name will be referenced throughout the user interface for the purposes of security policies, networking and permissions
- Description: A description outlining what the zone is used for
- Apply routing policies: Enable Apply routing policies if traffic from this zone requires routing policies to be applied
- Allow traffic between subnets: Enable this if traffic should be allowed between network subnets within this zone
- Click “Save” and apply changes
The new zone will now be available for use with network connections and security Access Policies.
Modify a Network Zone
To modify an existing network zone navigate to:
- Networks > Zones > Zone > Edit
- Change the required details of the zone
- Click “Save” and apply changes
The zone name object will be updated for use throughout the management user interface.
Remove a Network Zone
Removing a network zone can be an involved procedure, depending on your CyberEdge configuration. Before deleting a zone, you must remove the dependencies associated with it, such as the networks configured within it. Be aware that this action also deletes any Access Policies configured for the corresponding Zone Pair. To remove a network zone, navigate to:
- Networks > Zones > Zone > Delete Icon
- Confirm the network zone to be deleted and ensure all prerequisites are met.
- Click “Delete”
- Click “Save” and apply changes
Note
Prior to deleting a zone, it is essential to eliminate dependencies associated with the zone, such as any configured networks
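The two rules this page describes, that traffic inside one zone is permitted (subject to the zone's "Allow traffic between subnets" setting) while traffic between zones needs an explicit Access Policy for that zone pair, and that a zone cannot be removed while networks are still assigned to it and its removal drops the zone-pair policies that reference it, can be modelled in a few dozen lines. The model below is an added example written for this page; it is not CyberEdge code and does not reflect how the product implements policy lookup. The `Zone`, `Firewall`, `evaluate` and `remove_zone` names, the rule format, and all addresses (documentation and private ranges) are assumptions constructed for the example.

```python
"""Toy model of zone-pair Access Policy evaluation and zone removal checks.

Added illustration for the network zones page; not CyberEdge's implementation.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# The four zones the page says are pre-configured and cannot be deleted.
DEFAULT_ZONES = {"Internet", "Local", "DMZ", "Management"}


@dataclass
class Zone:
    name: str
    networks: list[str] = field(default_factory=list)  # CIDR strings assigned to the zone
    allow_between_subnets: bool = True                 # the "Allow traffic between subnets" flag


@dataclass
class Firewall:
    zones: dict[str, Zone] = field(default_factory=dict)
    # Access Policies keyed by (src_zone, dst_zone); each rule is (proto, dst_port, action).
    # "any" matches every protocol or port. Rule format is an assumption of this model.
    policies: dict[tuple[str, str], list[tuple[str, object, str]]] = field(default_factory=dict)

    def add_zone(self, zone: Zone) -> None:
        self.zones[zone.name] = zone

    def zone_of(self, ip: str) -> str | None:
        """Return the name of the zone whose assigned networks contain ip, or None."""
        addr = ip_address(ip)
        for zone in self.zones.values():
            if any(addr in ip_network(n) for n in zone.networks):
                return zone.name
        return None

    @staticmethod
    def same_subnet(zone: Zone, a: str, b: str) -> bool:
        """True if both addresses fall in one of the zone's assigned networks."""
        return any(ip_address(a) in ip_network(n) and ip_address(b) in ip_network(n)
                   for n in zone.networks)

    def evaluate(self, src_ip: str, dst_ip: str, proto: str, dst_port: int) -> str:
        """Return "allow" or "deny" for a flow, following the page's zone rules."""
        src_zone, dst_zone = self.zone_of(src_ip), self.zone_of(dst_ip)
        if src_zone is None or dst_zone is None:
            return "deny"  # assumption: traffic outside every zone is dropped
        if src_zone == dst_zone:
            zone = self.zones[src_zone]
            # Intra-zone traffic is permitted; crossing subnets inside the zone
            # additionally needs the zone's "Allow traffic between subnets" flag.
            if self.same_subnet(zone, src_ip, dst_ip) or zone.allow_between_subnets:
                return "allow"
            return "deny"
        # Inter-zone traffic: only an explicit policy for this exact zone pair allows it.
        for proto_r, port_r, action in self.policies.get((src_zone, dst_zone), []):
            if proto_r in ("any", proto) and port_r in ("any", dst_port):
                return action
        return "deny"  # no Access Policy configured for this zone pair

    def remove_zone(self, name: str) -> list[tuple[str, str]]:
        """Delete a custom zone; returns the zone pairs whose policies were dropped."""
        zone = self.zones[name]
        if name in DEFAULT_ZONES:
            raise ValueError(f"default zone {name} cannot be deleted")
        if zone.networks:  # the page's prerequisite: remove configured networks first
            raise ValueError(f"zone {name} still has networks assigned: {zone.networks}")
        dropped = [pair for pair in self.policies if name in pair]
        for pair in dropped:
            del self.policies[pair]
        del self.zones[name]
        return dropped


def build_sample_firewall() -> Firewall:
    """Constructed sample configuration: four default zones plus a custom Guest zone."""
    fw = Firewall()
    fw.add_zone(Zone("Internet", ["203.0.113.0/24"]))
    fw.add_zone(Zone("Local", ["192.168.10.0/24", "192.168.20.0/24"]))
    fw.add_zone(Zone("DMZ", ["10.0.1.0/24"]))
    fw.add_zone(Zone("Management", ["10.255.0.0/24"]))
    fw.add_zone(Zone("Guest", ["172.16.0.0/24", "172.16.1.0/24"], allow_between_subnets=False))
    fw.policies[("Local", "Internet")] = [("any", "any", "allow")]
    fw.policies[("Internet", "DMZ")] = [("tcp", 443, "allow")]
    fw.policies[("Guest", "Internet")] = [("tcp", 443, "allow")]
    return fw


if __name__ == "__main__":
    fw = build_sample_firewall()
    print(fw.evaluate("192.168.10.5", "192.168.20.7", "tcp", 445))  # intra-zone: allow
    print(fw.evaluate("203.0.113.9", "10.0.1.4", "tcp", 22))        # no matching rule: deny
    print(fw.evaluate("10.0.1.4", "192.168.10.5", "tcp", 22))       # no DMZ->Local policy: deny
    fw.zones["Guest"].networks = []
    print(fw.remove_zone("Guest"))                                   # [('Guest', 'Internet')]
```

Two details of the model are worth noting when reading the page: the policy lookup is keyed on the ordered pair, so an `Internet` to `DMZ` rule says nothing about `DMZ` to `Internet`, and `remove_zone` refuses to proceed while networks remain assigned, mirroring the prerequisite in the Note above, then reports which zone-pair policies disappeared with the zone.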