Functions of a firewall zone


The major function of a firewall zone is to isolate services from one another and to control which services may be accessed between zones by means of interzone policies.

You cannot assign a firewall interface to the Local zone.

In a VPN instance, each security zone has a globally unique security level: no two security zones in the same VPN instance share a level. The security level ranges from 1 to 100, and a larger value indicates a higher security level. By default, the device has four security zones with the following levels:

1. Untrust (security level 5): a low-security zone, usually used to define insecure networks such as the Internet.

2. DMZ (security level 50): a medium-security zone, usually used to define the zone where intranet servers reside. Such servers are deployed on the intranet but are frequently accessed from the extranet, which carries a large security risk, and they are not allowed to proactively access the extranet. They are therefore placed in a zone whose security level is lower than Trust but higher than Untrust.

3. Trust (security level 85): a relatively high-security zone, usually used to define the zone where intranet user devices reside.

4. Local (security level 100): the zone with the highest security level. The Local zone is the device itself, including its interfaces. All packets constructed on and proactively sent by the device are regarded as coming from the Local zone; packets that the device itself must respond to or process (rather than packets it merely inspects and forwards) are regarded as destined for the Local zone. Users cannot change the Local zone configuration, for example by adding interfaces to it.

You cannot delete a default security zone or change its security level. You can create additional security zones and define their security levels as required.
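The rules above (levels 1 to 100 and unique within a VPN instance, default zones neither deletable nor re-levelled, no interfaces in Local, packets to or from the device itself attributed to Local) together with the interzone policies mentioned at the top of the page can be modelled in a few dozen lines. The following is an added example written for this page, not vendor code: zone and interface names are constructed, the first-match/default-deny policy evaluation is a simplification, and the "inbound"/"outbound" naming in direction() is an assumed convention (higher-level zone to lower-level zone is outbound) that this page does not state.

```python
"""Model of security zones and interzone policies (illustrative example, not vendor code)."""

LOCAL = "local"
DEFAULT_LEVELS = {"untrust": 5, "dmz": 50, "trust": 85, LOCAL: 100}


class ZoneError(ValueError):
    """Configuration rejected by a zone-table rule."""


class ZoneTable:
    """Security zones, interface membership and interzone policies of one VPN instance."""

    def __init__(self):
        self.levels = dict(DEFAULT_LEVELS)  # zone name -> security level (unique per instance)
        self.interfaces = {}                # interface name -> zone name
        self.policies = []                  # (src_zone, dst_zone, dport or None, action); first match wins

    def _check_level(self, level, exclude=None):
        if not 1 <= level <= 100:
            raise ZoneError("security level must be in 1..100")
        for zone, used in self.levels.items():
            if used == level and zone != exclude:
                raise ZoneError(f"level {level} already used by zone {zone}")

    def add_zone(self, name, level):
        if name in self.levels:
            raise ZoneError(f"zone {name} already exists")
        self._check_level(level)
        self.levels[name] = level

    def set_level(self, name, level):
        if name in DEFAULT_LEVELS:
            raise ZoneError("default zone levels cannot be changed")
        if name not in self.levels:
            raise ZoneError(f"unknown zone {name}")
        self._check_level(level, exclude=name)
        self.levels[name] = level

    def delete_zone(self, name):
        if name in DEFAULT_LEVELS:
            raise ZoneError("default zones cannot be deleted")
        if name not in self.levels:
            raise ZoneError(f"unknown zone {name}")
        if name in self.interfaces.values():
            raise ZoneError(f"zone {name} still has interfaces")
        del self.levels[name]

    def add_interface(self, iface, zone):
        if zone == LOCAL:
            raise ZoneError("interfaces cannot be added to the Local zone")
        if zone not in self.levels:
            raise ZoneError(f"unknown zone {zone}")
        self.interfaces[iface] = zone

    def _zone_of(self, iface):
        if iface not in self.interfaces:
            raise ZoneError(f"interface {iface} is not in any zone")
        return self.interfaces[iface]

    def zone_pair(self, ingress=None, egress=None):
        """(source zone, destination zone) of a packet. ingress=None means the device
        generated the packet (source Local); egress=None means the device itself must
        process it (destination Local)."""
        src = LOCAL if ingress is None else self._zone_of(ingress)
        dst = LOCAL if egress is None else self._zone_of(egress)
        return src, dst

    def direction(self, src, dst):
        """Assumed naming (not stated on this page): higher level to lower level is
        'outbound', the reverse is 'inbound'."""
        if src == dst:
            return "intrazone"
        return "outbound" if self.levels[src] > self.levels[dst] else "inbound"

    def add_policy(self, src, dst, dport, action):
        for zone in (src, dst):
            if zone not in self.levels:
                raise ZoneError(f"unknown zone {zone}")
        self.policies.append((src, dst, dport, action))

    def check(self, ingress, egress, dport):
        """First matching interzone policy decides; no match means deny."""
        src, dst = self.zone_pair(ingress, egress)
        for psrc, pdst, pport, action in self.policies:
            if (psrc, pdst) == (src, dst) and pport in (None, dport):
                return action
        return "deny"


def build_sample():
    """Constructed configuration: users may reach the Internet, the Internet may reach
    only the DMZ web server on 443, and the DMZ may not initiate anything outward."""
    zt = ZoneTable()
    zt.add_interface("GE1/0/1", "untrust")
    zt.add_interface("GE1/0/2", "trust")
    zt.add_interface("GE1/0/3", "dmz")
    zt.add_policy("trust", "untrust", None, "permit")
    zt.add_policy("untrust", "dmz", 443, "permit")
    return zt


if __name__ == "__main__":
    zt = build_sample()
    for ingress, egress, port in [("GE1/0/2", "GE1/0/1", 80), ("GE1/0/1", "GE1/0/3", 443),
                                  ("GE1/0/1", "GE1/0/3", 22), ("GE1/0/3", "GE1/0/1", 443)]:
        src, dst = zt.zone_pair(ingress, egress)
        print(f"{src}->{dst} port {port}: {zt.check(ingress, egress, port)} ({zt.direction(src, dst)})")
```

The DMZ-to-Untrust check returning deny is the page's "not allowed to proactively access the extranet" rule expressed as the absence of a permit policy; a return packet of a session initiated from the Internet is a separate matter handled by stateful inspection, not by this policy table.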

The license definition is as follows: A license is an agreement between a supplier and a customer on the usage scope and time limit of the product sold. Through it the supplier authorizes the customer to use certain functions, resources, and upgrade services of the purchased product until the license expires, so the features available to a customer can be controlled dynamically. Physically, a license consists of a license certificate and a license file.

- A license certificate is issued by the supplier to the customer who purchased the license and is used to activate it. The certificate contains the Contract No., the Activation Password, and the license content.

- A license file is a .dat file provided to the customer after the license is activated. The customer loads the license file on the device or software to use the licensed functions.

The function of stateful inspection configured on firewalls is as follows: With stateful inspection enabled, the firewall checks whether each packet's link state is valid for the session it belongs to and discards packets whose link state is invalid (for example, a packet that matches no existing session and does not start a new one). Stateful inspection takes effect on both common packets and inner packets (decapsulated VPN packets). When the firewall is the only egress of a network, all packets are forwarded through it, so both directions of every session pass through the firewall and it can track the complete session; enable stateful inspection in this case to secure services. If routing is asymmetric and the firewall sees only one direction of a session, stateful inspection discards the legitimate packets it cannot match to a session, so either correct the routing or do not enable the check.
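What "checking the link state" means in practice is easiest to see with a small TCP session tracker. The following is an added example written for this page, not the firewall's implementation: it keeps a session table keyed by the initiator's 4-tuple, permits only the flag combinations that are valid in the session's current state, and drops everything else. The packet format, state names and sample traffic (a normal HTTPS session plus an unsolicited SYN-ACK and a stray ACK) are constructed; timeouts, sequence-number windows and the TIME_WAIT entry a real firewall keeps are omitted.

```python
"""Minimal TCP stateful inspection (illustrative example, not vendor code).

A packet is permitted only if its TCP flags are valid for the current state of
the session it belongs to; everything else is dropped as an invalid link state.
"""
from dataclasses import dataclass

SYN, ACK, FIN, RST = 0x02, 0x10, 0x01, 0x04


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


def _synack_bits(flags: int) -> int:
    """Only the SYN and ACK bits matter for handshake validation."""
    return flags & (SYN | ACK)


class StatefulInspector:
    def __init__(self):
        self.sessions = {}  # initiator (src, sport, dst, dport) -> state

    def inspect(self, p: Packet) -> str:
        """Return 'PERMIT' or 'DROP' for p and update the session table."""
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if fwd in self.sessions:
            return self._from_initiator(fwd, p.flags)
        if rev in self.sessions:
            return self._from_responder(rev, p.flags)
        # No session yet: only a bare SYN may create one. An ACK, SYN-ACK or
        # data segment that matches no session is an invalid link state.
        if _synack_bits(p.flags) == SYN:
            self.sessions[fwd] = "SYN_SENT"
            return "PERMIT"
        return "DROP"

    def _from_initiator(self, key, flags):
        state = self.sessions[key]
        if flags & RST:                      # abort is valid in any state
            del self.sessions[key]
            return "PERMIT"
        if state == "SYN_SENT":              # only a SYN retransmit is valid
            return "PERMIT" if _synack_bits(flags) == SYN else "DROP"
        if state == "SYN_RECV":              # third handshake packet expected
            if _synack_bits(flags) == ACK:
                self.sessions[key] = "ESTABLISHED"
                return "PERMIT"
            return "DROP"
        return self._data_or_fin(key, state, flags)

    def _from_responder(self, key, flags):
        state = self.sessions[key]
        if flags & RST:                      # e.g. connection refused
            del self.sessions[key]
            return "PERMIT"
        if state == "SYN_SENT":              # responder must answer with SYN-ACK
            if _synack_bits(flags) == SYN | ACK:
                self.sessions[key] = "SYN_RECV"
                return "PERMIT"
            return "DROP"
        if state == "SYN_RECV":              # only a SYN-ACK retransmit is valid
            return "PERMIT" if _synack_bits(flags) == SYN | ACK else "DROP"
        return self._data_or_fin(key, state, flags)

    def _data_or_fin(self, key, state, flags):
        # ESTABLISHED or CLOSING: data flows freely; the first FIN starts teardown
        # and the second removes the session (a real firewall keeps a short
        # TIME_WAIT entry so the final ACK is still matched).
        if flags & FIN:
            if state == "CLOSING":
                del self.sessions[key]
            else:
                self.sessions[key] = "CLOSING"
        return "PERMIT"


def run(inspector: StatefulInspector, packets) -> list:
    return [inspector.inspect(p) for p in packets]


# Constructed sample traffic: a normal HTTPS session from an intranet host,
# then two packets that belong to no session and must be dropped.
CLIENT, SERVER, ATTACKER = "10.1.1.10", "203.0.113.5", "198.51.100.7"
SAMPLE = [
    Packet(CLIENT, 40000, SERVER, 443, SYN),          # PERMIT, session created
    Packet(SERVER, 443, CLIENT, 40000, SYN | ACK),    # PERMIT
    Packet(CLIENT, 40000, SERVER, 443, ACK),          # PERMIT, established
    Packet(SERVER, 443, CLIENT, 40000, ACK),          # PERMIT, server data
    Packet(ATTACKER, 443, CLIENT, 40001, SYN | ACK),  # DROP: unsolicited SYN-ACK
    Packet(ATTACKER, 12345, "10.1.1.20", 22, ACK),    # DROP: ACK with no session
    Packet(CLIENT, 40000, SERVER, 443, FIN | ACK),    # PERMIT, closing
    Packet(SERVER, 443, CLIENT, 40000, FIN | ACK),    # PERMIT, session removed
]

if __name__ == "__main__":
    for p, verdict in zip(SAMPLE, run(StatefulInspector(), SAMPLE)):
        print(f"{verdict:6} {p.src}:{p.sport} -> {p.dst}:{p.dport} flags=0x{p.flags:02x}")
```

The asymmetric-routing caveat falls straight out of this model: if the firewall never saw the client's SYN, the server's SYN-ACK matches no session and is dropped even though the connection is legitimate.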

A protection zone (a video surveillance concept, distinct from a firewall security zone) is an area consisting of associated alarm sources and alarm output devices. Users can enable and disable the devices in a protection zone and set alarm linkage policies for it. When an alarm source in the protection zone generates an alarm, surveillance personnel can invoke the devices in that zone to handle the alarm promptly, and the system automatically responds according to the preset alarm linkage rule, for example by recording video and taking snapshots.

