• SonicOS 7
• Zones
  • How Zones Work
  • Predefined Zones
  • Security Types
  • Allow Interface Trust
  • Enabling SonicWall Security Services on Zones
  • Effect of Wireless and Non-Wireless Controller Modes
    • Effects of Enabling Non-Wireless Controller Mode
    • Effects of Enabling Wireless Controller Mode
  • Match Objects > Zones
    • The Zone Settings Table
    • Adding a New Zone
    • Configuring a Zone for Guest Access
    • Configuring a Zone for Open Authentication and Social Login
    • Configuring a Zone for Captive Portal Authentication with RADIUS
    • Configuring a Zone for Customized Policy Message
    • Configuring a Zone for Customized Login Page
    • Configuring the WLAN Zone
    • Configuring the RADIUS Server
    • Configuring DPI-SSL Granular Control per Zone
    • Enabling Automatic Redirection to the User-Policy Page
    • Deleting a Zone
• Addresses
  • Types of Address Objects
  • About Address Groups
  • About UUIDs for Address Objects and Groups
  • Addresses Page
    • Common Features
      • Common Functions
      • Common Column Headings
    • Sorting the Entries
  • Default Address Objects and Groups
  • Default Pref64 Address Object
  • Default Rogue Address Groups
  • Adding an Address Object
  • Editing Address Objects
  • Deleting Custom Address Objects
  • Purging MAC or FQDN Address Objects
  • Creating Address Groups
  • Editing Address Groups
  • Deleting Address Groups
  • Working with Dynamic Address Objects
    • Key Features of Dynamic Address Objects
    • Enforcing the Use of Sanctioned Servers on the Network
    • Using MAC and FQDN Dynamic Address Objects
      • Blocking All Protocol Access to a Domain using FQDN DAOs
      • Using an Internal DNS Server for FQDN-based Access Rules
      • Controlling a Dynamic Host’s Network Access by MAC Address
      • Bandwidth Managing Access to an Entire Domain
• Services
  • About Default Service Objects and Groups
  • Predefined IP Protocols for Custom Service Objects
  • Adding Service Objects using Predefined Protocols
  • Adding Custom IP Type Services
    • Configuration Example
  • Editing Custom Service Objects
  • Deleting Custom Service Objects
  • Adding Custom Service Groups
  • Editing Custom Service Groups
  • Deleting Custom Service Groups
• URI Lists
  • About URIs and the URI List
  • About URI List Groups
  • About Keywords and the Keyword List
  • Matching URI List Objects
  • Using URI List Objects
  • Managing URI List Objects
    • About the URI List Objects Table
    • Configuring URI List Objects
    • Exporting a URI List Object
    • Editing a URI List Object
    • Deleting URI List Objects
  • Managing URI List Groups
    • About the URI List Groups Table
    • Adding URI List Groups
    • Editing a URI List Group
    • Deleting URI List Groups
• Match Objects
  • About Match Objects
    • About Regular Expressions
      • Regular Expression Syntax
    • About Negative Matching
  • About Application List Objects
    • About Application Filters
    • About Category Filters
  • Configuring a Match Object
  • Configuring Application List Objects
• Schedules
  • Adding a Custom Schedule
  • Modifying Schedules
  • Deleting Custom Schedules
• Dynamic Group
  • About the Dynamic External Address Group File
  • DEAG and DEAO Maximums
  • High Availability Requirements
  • Adding a Dynamic External Object
  • Editing Dynamic External Objects
  • Deleting Dynamic External Objects
• Email Addresses
  • Configuring Email Address Objects
• SonicWall Support
  • About This Document

Adding a New Zone

To add a new zone

1. Navigate to Object > Match Objects > Zones.

2. Click the Add icon.

   

3. Type a name for the new zone in the Name field.

4. From Security Type, select:

   Trusted	Zones with the highest level of trust, such as internal LAN segments.
   Public	Zones with a lower level of trust requirements, such as a DMZ interface.
   Wireless	WLAN interface.
   SSLVPN	Interfaces on which Content Filtering, Client AV enforcement, and Client CF services are enabled. Selecting this security type disables the Enable SSLVPN Access and Create Group VPN options on this dialog.

5. To allow intra-zone communications, select Allow Interface Trust. An Access Rule allowing traffic to flow between the interfaces of a Zone instance is created automatically. This option is selected by default.

6. To have SonicOS automatically generate access rules to allow traffic between this zone and other zones of equal trust, select Auto-generate Access Rules to allow traffic between zones of the same trust level. For example, CUSTOM_LAN -> CUSTOM _LAN or CUSTOM_LAN -> LAN. This option is selected by default.

   For this option and the following Access Rules options, see SonicOS Policies for information about Access Rules.

7. To have SonicOS automatically generate access rules to allow traffic between this zone and other zones of lower trust, select Auto-generate Access Rules to allow traffic to zones with lower trust level. For example, CUSTOM_LAN -> WAN or CUSTOM_LAN -> DMZ. This option is selected by default.
8. To have SonicOS automatically generate access rules to allow traffic between this zone and other zones of higher trust, select Auto-generate Access Rules to allow traffic from zones with higher trust level. For example, LAN -> CUSTOM_DMZ or CUSTOM_LAN -> CUSTOM_DMZ. This option is selected by default.
9. To have SonicOS automatically generate access rules to deny traffic between this zone and zones of lower trust, select Auto-generate Access Rules to deny traffic from zones with lower trust level. For example, WAN -> CUSTOM_LAN or DMZ -> CUSTOM_LAN. This option is selected by default.

10. To enforce managed Client Anti-Virus protection on clients connected to multiple interfaces in the same Trusted, Public, or WLAN zones using the Client Anti-Virus client on your network hosts, select Enable Client AV Enforcement Service. This option is not selected by default.

    This option is dimmed and unavailable until you select a security type from Security Type. For this option and the following Security Services options, see SonicOS Security Configuration for more information about these services.

11. To enforce enhanced NGAV (Next Generation AV) such as DPI-SSL Enforcement or SentinelOne AV enforcement, select Enable DPI-SSL Enforcement Service. This option is not selected by default. For more information about NGAV, see SonicOS Security Configuration.

12. To enable SSLVPN secure remote access on the zone, select Enable SSLVPN Access. This option is not selected by default.

    This option is dimmed if SSLVPN is selected for Security Type.

13. To create a SonicWall Group VPN Policy for this zone automatically, select Create Group VPN. You can customize the Group VPN Policy in Network > SSLVPN > Server Settings. This option is not selected by default. This option is available until SSLVPN is selected for Security Type, but after the Security Type is changed to one of the other types, it remains dimmed and unavailable.

    Disabling Create Group VPN removes any corresponding Group VPN policy.

    This option is dimmed if SSLVPN is selected for Security Type. For more information about connectivity options, see SonicOS Connectivity for more information.

    Disabling Group VPN for WAN/WLAN VPN policies, deletes all VPN policies. Re-enabling the Create Group VPN option automatically creates a new, enabled VPN policy. Disabling VPN policies globally does not also delete auto-rules. If you do not want to VPN polices at all, globally disable VPN, and then delete all policies that correlate with VPN.

    GroupVPN policies appear in the VPN Policies table located in Network > SSLVPN > Server Settings. WAN/WLAN GroupVPN policies are disabled by default when the firewall is booted with the factory default.

14. To enable SSL Control on the zone, select Enable SSL Control. All new SSL connections initiated from that zone are now subject to inspection. This option is not selected by default.

    SSL Control must first be enabled globally on Policy > Firewall > SSL Control.

15. To enforce gateway anti-virus protection on your Security Appliance for all clients connecting to this zone, select Enable Gateway Anti-Virus Service. SonicWall Gateway Anti-Virus manages the anti-virus service on the Security Appliance. This option is not selected by default.
16. To enforce intrusion detection and prevention on multiple interfaces in the same Trusted, Public, or WLAN zones. select Enable IPS. This option is not selected by default.
17. To enforce anti-spyware detection and prevention on multiple interfaces in the same Trusted or Public security type for WLAN zones, select Enable Anti-Spyware Service. This option is not selected by default.
18. To enforce application control policy services on multiple interfaces in the same Trusted or Public security type for WLAN zones, select Enable App Control Service. This option is not selected by default. For more information about App Control, see SonicOS Policies.
19. To enable granular DPI-SSL on a per-zone basis rather than globally for DPI-SSL clients, select Enable SSL Client Inspection. This option is not selected by default.
20. To enable granular DPI-SSL on a per-zone basis rather than globally for DPI-SSL servers, select Enable SSL Server Inspection. This option is not selected by default.
21. Click Save. The new zone is now added to the Security Appliance.