SonicOS 7.0 Objects
- SonicOS 7.0
- Match Objects
- Zones
- How Zones Work
- Default Zones
- Security Types
- Allow Interface Trust
- Effect of Wireless Controller Modes
- Zones Overview
- The Zones Page
- Adding a New Zone
- Adding a New Zone in Policy Mode
- Adding a New Zone in Classic Mode
- Configuring a Zone for Guest Access
- Configuring a Zone for Open Authentication and Social Login
- Configuring the WLAN Zone
- Configuring the RADIUS Server
- Configuring DPI-SSL Granular Control per Zone
- Enabling Automatic Redirection to the User-Policy Page
- Cloning a Zone
- Editing a Zone
- Deleting Custom Zones
- Addresses
- Addresses Page
- About UUIDs for Address Objects and Groups
- Working with Dynamic Address Objects
- Services
- URI Lists
- Schedules
- Dynamic Group
- Email Addresses
- Match Objects
- Countries
- Applications
- Web Categories
- Websites
- Match Patterns
- Custom Match
- Profile Objects
- Endpoint Security
- Bandwidth
- QoS Marking
- Content Filter
- DHCP Option
- Block Page
- Anti-Spyware
- Gateway Anti-Virus
- Log and Alerts
- Intrusion Prevention
- AWS
- Action Profiles
- Security Action Profile
- DoS Action Profile
- Action Objects
- App Rule Actions
- Content Filter Actions
- Object Viewer
- SonicWall Support
Adding a New Zone in Classic Mode
To add a new zone
- Navigate to OBJECT | Match Objects > Zones.
-
Click the Add Zone icon.
The Zone Settings page enables the below listed options by the default on the General tab, but these comes into effect only when Allow Interface Trust is enabled.
- Auto-generate Access Rules to allow traffic between zones of the same trust level
- Auto-generate Access Rules to allow traffic to zones with lower trust level
- Auto-generate Access Rules to allow traffic from zones with higher trust level
- Auto-generate Access Rules to deny traffic from zones with lower trust level
- Type a Name for the new zone.
-
Select the Security Type.
Trusted To create a zone with the highest level of trust, such as internal LAN segments. Public To create a zone with a lower level of trust requirements, such as a DMZ interface. Wireless To create a zone for WLAN interface. SSLVPN To create a zone for interfaces on which Content Filtering, Client AV enforcement, and Client CF services are enabled.
Enable SSLVPN Access and Create Group VPN options are not available for SSLVPN Security Type.
-
Enable Allow Interface Trust to allow intra-zone communications.
An Access Rule allowing traffic to flow between the interfaces of a Zone instance is created automatically.
-
Set the toggle keys to generate access rules automatically as required.
- By the default, these options are enabled.
- For more information, refer to Access Rules section in SonicOS 7.0 Rules and Policies Administration Guide for Classic Mode.
Toggle key To allow traffic between Example Auto-generate Access Rules to allow traffic between zones of the same trust level This zone and other zones of equal trust CUSTOM_LAN > CUSTOM _LAN or CUSTOM_LAN > LAN Auto-generate Access Rules to allow traffic to zones with lower trust level. This zone and other zones of lower trust CUSTOM_LAN > WAN or CUSTOM_LAN > DMZ Auto-generate Access Rules to allow traffic from zones with higher trust level. This zone and other zones of higher trust LAN > CUSTOM_DMZ or CUSTOM_LAN > CUSTOM_DMZ Auto-generate Access Rules to deny traffic from zones with lower trust level This zone and zones of lower trust WAN > CUSTOM_LAN or DMZ > CUSTOM_LAN -
Set the toggle keys for security services as required.
Toggle key Security Service Enable SSLVPN Access To enable SSL VPN secure remote access on the zone.
Enable SSL Control To enable SSL Control on the zone. All new SSL connections initiated from the zone are now subject to inspection.
Make sure that the SSL Control is enabled globally on NETWORK | Firewall > SSL Control page.
Create Group VPN To create a SonicWall Group VPN Policy for this zone automatically.
You can view and customize the Group VPN Policy in NETWORK | SSLVPN > Server Settings page.
-
- Enable SSLVPN Access option is not available if SSLVPN is selected as Security Type.
-
- The Create Group VPN option is available until SSLVPN is selected as Security Type. If the Security Type is changed to any other type, the Create Group VPN option becomes available.
Disabling Create Group VPN removes any corresponding Group VPN policy.
Disabling Group VPN for WAN or WLAN VPN policies, deletes all VPN policies. Re-enabling the Create Group VPN option automatically creates a new, enabled VPN policy. Disabling VPN policies globally does not delete auto-rules. If you do not want VPN policies at all, globally disable VPN, and delete all policies that correlate with VPN.
WAN or WLAN Group VPN policies are disabled by the default when the firewall is booted with the factory default.
For more information about connectivity options, refer to the SonicOS Connectivity.
Enable Gateway Anti-Virus Service To enforce gateway anti-virus protection on your Security Appliance for all clients connecting to this zone.
SonicWall Gateway Anti-Virus manages the anti-virus service on the Security Appliance.
Enable IPS To enforce intrusion detection and prevention on multiple interfaces in the same Trusted, Public, or WLAN zones.
Enable Anti-Spyware Service To enforce anti-spyware detection and prevention on multiple interfaces in the same Trusted or Public security type for WLAN zones. Enable App Control Service To enforce application control policy services on multiple interfaces in the same Trusted or Public security type for WLAN zones.
For more information about App Control, refer to SonicOS 7.0 Rules and Policies Administration Guide for Classic Mode.
Enable SSL Client Inspection To enable granular DPI-SSL on a per-zone basis rather than globally for DPI-SSL clients. Enable SSL Server Inspection To enable granular DPI-SSL on a per-zone basis rather than globally for DPI-SSL servers. -
-
Click Save.
The new zone is now added to the Security Appliance.
Was This Article Helpful?
Help us to improve our support portal