Definition of the security level of a security zone on the firewall

Within a VPN instance, each security zone has a unique security level (also called the security priority): no two security zones in the same VPN instance share a level. The security level ranges from 1 to 100, and a larger value indicates a more trusted zone.
By default, the device has four security zones, and their security levels are as follows:
1. The Untrust zone has a low security level, namely 5.
It is usually used to define insecure networks, such as the Internet.
2. The DMZ has a medium security level, namely 50.
It is usually used to define the zone where intranet servers reside. Such servers are deployed on the intranet but are frequently accessed from the extranet, which exposes them to considerable risk; in addition, they are not allowed to proactively access the extranet. They are therefore placed in a zone whose security level is lower than that of Trust but higher than that of Untrust.
3. The Trust zone has a relatively high security level, namely 85.
It is usually used to define the zone where intranet users reside.
4. The Local zone has the highest security level, namely 100.
The Local zone is the device itself, including its interfaces. All packets constructed by and proactively sent from the device are regarded as originating in the Local zone; packets that the device must respond to or process itself (including packets to be inspected or directly forwarded) are regarded as destined for the Local zone. Users cannot change the Local zone configuration, for example by adding interfaces to it.
You cannot delete a default security zone or reset its security level.
You can also create security zones and define their security levels as required.
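The rules above (a level between 1 and 100, unique per VPN instance, four fixed default zones, no interfaces in Local) are easy to state but easy to get wrong in automation that pushes zone configuration. The following Python model is an added example, not vendor code: it encodes those rules as checks and rejects any change that would violate them. The VPN instance name "vpn_a", the custom zone "Partner" with level 60 and the interface names are constructed for illustration; the assumption that an interface belongs to at most one zone is ours, not stated on this page.

```python
"""Model of firewall security zones with the constraints described above.

Added example, not vendor code. Zone and interface names are constructed.
"""
from dataclasses import dataclass, field

MIN_LEVEL, MAX_LEVEL = 1, 100

# The four default zones and their fixed security levels (from the page).
DEFAULT_ZONES = {"Local": 100, "Trust": 85, "DMZ": 50, "Untrust": 5}


@dataclass
class Zone:
    name: str
    level: int
    default: bool = False
    interfaces: set = field(default_factory=set)


class ZoneTable:
    """Security zones of one VPN instance; levels are unique within it."""

    def __init__(self, vpn_instance: str = "public"):
        self.vpn_instance = vpn_instance
        self.zones = {n: Zone(n, lvl, default=True) for n, lvl in DEFAULT_ZONES.items()}

    def _check_level(self, level: int, exclude: str = None) -> None:
        if not MIN_LEVEL <= level <= MAX_LEVEL:
            raise ValueError(f"security level {level} outside {MIN_LEVEL}..{MAX_LEVEL}")
        for z in self.zones.values():
            if z.name != exclude and z.level == level:
                raise ValueError(
                    f"level {level} already used by zone {z.name} in {self.vpn_instance}")

    def create(self, name: str, level: int) -> Zone:
        """Create a user-defined zone; its level must be unique in this instance."""
        if name in self.zones:
            raise ValueError(f"zone {name} already exists")
        self._check_level(level)
        self.zones[name] = Zone(name, level)
        return self.zones[name]

    def set_level(self, name: str, level: int) -> None:
        """Change the level of a user-defined zone; default zones are fixed."""
        z = self.zones[name]
        if z.default:
            raise PermissionError(f"cannot change the level of default zone {name}")
        self._check_level(level, exclude=name)
        z.level = level

    def delete(self, name: str) -> None:
        """Delete a user-defined zone; the four default zones cannot be removed."""
        if self.zones[name].default:
            raise PermissionError(f"cannot delete default zone {name}")
        del self.zones[name]

    def add_interface(self, name: str, iface: str) -> None:
        """Bind an interface to a zone. Local is the device itself and takes none."""
        if name == "Local":
            raise PermissionError("interfaces cannot be added to the Local zone")
        # Assumption (not stated on the page): an interface is in at most one zone.
        for z in self.zones.values():
            if iface in z.interfaces and z.name != name:
                raise ValueError(f"{iface} already belongs to zone {z.name}")
        self.zones[name].interfaces.add(iface)

    def more_trusted(self, a: str, b: str) -> str:
        """Return whichever of two zones has the higher security level."""
        return a if self.zones[a].level > self.zones[b].level else b


def raises(exc, fn, *args) -> bool:
    """Helper: True if calling fn(*args) raises exc."""
    try:
        fn(*args)
    except exc:
        return True
    return False


if __name__ == "__main__":
    t = ZoneTable("vpn_a")
    t.create("Partner", 60)
    t.add_interface("Partner", "GigabitEthernet1/0/1")
    print({n: z.level for n, z in t.zones.items()})
    print("duplicate level rejected:", raises(ValueError, t.create, "Dup", 85))
```

The validator mirrors what the device enforces: a second zone at level 85 is refused because Trust already holds it, and `Local` stays a pure device-internal zone. A practitioner would wire such checks into a pre-change lint step so that a script never attempts an invalid zone definition against a production firewall.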
