
Yusuf Bhaiji

"Network Security Technologies and Solutions"

cisco.com/en/US/products/sw/secursw/ps1018/products_white_paper0900aecd806f31f9.shtml.
Security Zones
Security Zones establish the security boundaries of the network where traffic is subjected to policy restrictions
as it crosses to another region within the network.
As shown in Figure 5-7, a zone can have one or more interface(s) assigned to it. This example shows a Cisco
IOS Firewall router with four interfaces and three zones:
- Interface #1 connected to the Public Internet zone
- Interfaces #2 and #3 connected to a Private zone connecting file servers and clients on a LAN (on separate physical interfaces, but in the same security zone), which must not be accessible from the public Internet
- Interface #4 connected to the DMZ zone, connecting a web server and Domain Name System (DNS) server, which must be accessible to the public Internet
Figure 5-7. Basic Security Zone
In the example illustrated by Figure 5-7, the IOS Firewall will typically have three main security policies:
- Private zone connectivity to the Internet
- Private zone connectivity to DMZ
- Public zone connectivity to DMZ
Devices connected in the Private zone can pass traffic to all other devices on interfaces #2 and #3, because both interfaces are in the same Private zone.
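
The zone layout and the three policies described above, written as a Cisco IOS zone-based firewall configuration. This is an added example, not taken from the book; the interface names, the zone, class-map and policy-map names, and the protocols matched are assumptions.

```cisco
! Added example. All names and the matched protocols are assumptions.
! Three zones, as in Figure 5-7.
zone security INTERNET
zone security PRIVATE
zone security DMZ
!
! Four interfaces. #2 and #3 share the PRIVATE zone, so traffic
! between them is not subject to any zone-pair policy.
interface GigabitEthernet0/0
 description Interface #1 - public Internet
 zone-member security INTERNET
interface GigabitEthernet0/1
 description Interface #2 - private LAN
 zone-member security PRIVATE
interface GigabitEthernet0/2
 description Interface #3 - private LAN
 zone-member security PRIVATE
interface GigabitEthernet0/3
 description Interface #4 - DMZ web and DNS servers
 zone-member security DMZ
!
class-map type inspect match-any CM-OUTBOUND
 match protocol tcp
 match protocol udp
 match protocol icmp
class-map type inspect match-any CM-DMZ-SERVICES
 match protocol http
 match protocol dns
!
policy-map type inspect PM-PRIVATE-OUT
 class type inspect CM-OUTBOUND
  inspect
 class class-default
  drop
policy-map type inspect PM-TO-DMZ
 class type inspect CM-DMZ-SERVICES
  inspect
 class class-default
  drop
!
! One zone-pair per policy listed above. Zone-pairs are unidirectional.
zone-pair security ZP-PRIVATE-INTERNET source PRIVATE destination INTERNET
 service-policy type inspect PM-PRIVATE-OUT
zone-pair security ZP-PRIVATE-DMZ source PRIVATE destination DMZ
 service-policy type inspect PM-TO-DMZ
zone-pair security ZP-INTERNET-DMZ source INTERNET destination DMZ
 service-policy type inspect PM-TO-DMZ
```

No zone-pair names PRIVATE as its destination, so sessions initiated from the Internet or the DMZ toward the Private zone are dropped; only return traffic for inspected sessions that began in the Private zone is allowed back in.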

