
Basics of security zones.

Latest reply: Mar 3, 2019 09:51:10

Hi, everyone! Today I’m going to introduce the basics of security zones.

 

Security zone techniques are used to organize the different parts of the network that share security policies and trustworthiness in common.

 

There are some security zones by default; these are: Untrust, DMZ, Trust, and Local.

 

Untrust (level 5): This is the lowest security zone, with a level of 5, and is intended to face the place with the highest level of risk, such as the Internet.

DMZ (level 50): This is a place that, even though it normally has access to the Internet, contains important services intended for the external network.

Trust Zone (level 85): Area in which the internal hosts are located.

Local area (level 100): Highest trust area, intended for the device itself.

Furthermore, customized zones may be created as follows:

 

How to configure:

 

Configuration is quite easy: it is done in the system view, where we create the zone, set the priority it will work with, and add the interface(s) we need to be in it.

system-view

firewall zone [ name ] zone-name

set priority security-priority

add interface interface-type interface-number

description

 

So if specific parameters are needed, it can be customized.

If you have any problems, please post them in our Community. We are happy to solve them for you!


In the application of network security, if the network security device checks all packets one by one, a large number of resources are consumed and performance is severely degraded. Moreover, it is unnecessary to check all packets. Therefore, a packet check mechanism based on the security zone is brought forward in the network security field.

Then the network administrator can classify the network devices at the same security level into one security zone. Since the network devices in the same security zone are at the same security level, the USG considers that data flows in the same security zone bring no security risks and thus no security policy is required. The USG triggers the security check and implements security policies only on data flows between security zones.

All in all, in addition to the direct forwarding of packets, the USG supports creating security zones, and allows the network administrator to implement security checks on special packets and enable the security function on the basis of security zones.
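The zone-based check described in this thread, as an added example that is not part of the original posts and is not Huawei code: a small Python model in which flows inside one zone skip the policy check and flows between zones trigger it. The custom zone "guest", its priority 30, the interface names, and the two validation rules marked in the comments are assumptions made for the illustration.

```python
# Added illustration (not Huawei code): a toy model of zone-based checking.
DEFAULT_ZONES = {"untrust": 5, "dmz": 50, "trust": 85, "local": 100}  # from the post


class ZoneTable:
    def __init__(self):
        self.priority = dict(DEFAULT_ZONES)  # zone name -> security priority
        self.zone_of = {}                    # interface name -> zone name

    def create_zone(self, name, priority):
        """Model of: firewall zone name <name> / set priority <priority>."""
        # Assumption: priorities range from 1 to 100 and are unique per zone.
        if not 1 <= priority <= 100:
            raise ValueError(f"priority {priority} is outside 1-100")
        if name in self.priority or priority in self.priority.values():
            raise ValueError(f"zone {name!r} or priority {priority} already in use")
        self.priority[name] = priority

    def add_interface(self, zone, interface):
        """Model of: add interface <interface-type> <interface-number>."""
        if zone not in self.priority:
            raise ValueError(f"unknown zone {zone!r}")
        # Assumption: an interface belongs to at most one zone.
        if interface in self.zone_of:
            raise ValueError(f"{interface} is already in zone {self.zone_of[interface]!r}")
        self.zone_of[interface] = zone

    def classify(self, in_if, out_if):
        """Return (needs_policy_check, src_zone, dst_zone) for a forwarded flow."""
        for ifname in (in_if, out_if):
            if ifname not in self.zone_of:
                raise ValueError(f"{ifname} is not assigned to any zone")
        src, dst = self.zone_of[in_if], self.zone_of[out_if]
        # Same zone: same security level, so no policy check is triggered.
        return (src != dst, src, dst)


def build_example():
    """Constructed sample topology; all interface names are made up."""
    table = ZoneTable()
    table.create_zone("guest", 30)  # hypothetical custom zone
    table.add_interface("untrust", "GE0/0/0")
    table.add_interface("trust", "GE0/0/1")
    table.add_interface("trust", "GE0/0/2")
    table.add_interface("guest", "GE0/0/3")
    return table


if __name__ == "__main__":
    t = build_example()
    for pair in [("GE0/0/1", "GE0/0/2"), ("GE0/0/1", "GE0/0/0"), ("GE0/0/3", "GE0/0/1")]:
        print(pair, t.classify(*pair))
```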