Whether security zones of USG2000 and USG5000 series devices can be of the same level

3

The levels of different security zones cannot be the same.

Other related questions:
Whether security zones of the USG9000 series can be of the same level
The levels of different security zones cannot be the same.

Whether security zones of the USG6000 series can be of the same level
The levels of different security zones cannot be the same.

Definition of the security level of a security zone on the firewall
In a VPN instance, each security zone has a globally unique security priority. That is, two security zones with the same security priority do not exist in a VPN instance. The security level ranges from 1 to 100. A larger value indicates a higher security level. By default, the device has four security zones, and their security levels are as follows: 1. The Untrust zone is a security zone with a low security level, namely, 5. It is usually used to define insecure networks, such as the Internet. 2. The DMZ is a security zone with a medium security level, namely, 50. It is usually used to define the zone where the intranet server resides. Devices of this type are deployed on the intranet but frequently accessed from the extranet, causing large security risks. In addition, they are not allowed to proactively access the extranet. Therefore, they are deployed in a zone whose security level is lower than Trust but higher than Untrust. 3. The Trust zone is a security zone with a relatively high security level, namely, 85. It is usually used to define the zone where the intranet device users reside. 4. The Local zone is the security zone of the highest security level, namely, 100. A local zone is a device itself, including interfaces on the device. All packets constructed on and proactively sent from the device are regarded as from the Local area; those to be responded and processed by the device (including the packets to be detected or directly forwarded) are regarded as to the Local zone. Users cannot change Local zone configurations, for example, adding interfaces to the Local zone. You cannot delete a default security zone or reset its security level. You can also create security zones and define their security levels as required.

Types of security zones for the USG2000 and USG5000 series
The default security zones include Untrust, DMZ, Trust, and Local.

Security zone level restrictions on the USG series
The security level ranges from 1 to 100. The larger the value, the higher the security level. The VPN instance supports a maximum of 32 security zones, including four default zones, and each virtual firewall supports a maximum of eight security zones, including four default zones.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top