Security zones

Security zones are logical groups of interfaces used for traffic segmentation. They let you classify Kaspersky NGFW interfaces by the traffic control zone they belong to. Security zones are used as qualifiers in security rules or decryption rules. Adding a security zone to traffic processing rules lets you configure those rules for the interfaces included in the zone. You can use a separate set of traffic processing rules for each zone. For example, you can allow traffic from the LAN zone to the WAN zone.

Zones are defined globally for the entire Kaspersky NGFW solution, and not on individual devices or network templates.

Before adding a security zone to a rule, you need to add interfaces to the zone. You can do this in the Interfaces section when editing device settings, or on the command line using the zone family of commands. For a description of command families and a link to the complete list of Kaspersky NGFW configuration commands, see the Managing Kaspersky NGFW using the command line document. We recommend adding interfaces with the same trust level to a security zone.

If a rule uses a zone to which no interface has been added, the rule is ignored on the device. Policies that use such zones are no longer synchronized with the device.
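A pre-deployment check for the condition described above, as an added example that is not Kaspersky code: it lists, per device, the rules that would be ignored because a zone they reference has no interface on that device, and the policies those rules belong to. The data model, device names, zone names and rule names are constructed for illustration and do not reflect any Kaspersky NGFW export format or API; it assumes zone membership is recorded per device.

```python
# Added example: constructed data model, not a Kaspersky NGFW format or API.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    policy: str        # policy the rule belongs to (hypothetical field)
    name: str
    src_zones: tuple   # zones used as source qualifiers
    dst_zones: tuple   # zones used as destination qualifiers

def audit(rules, zone_members, devices):
    """Return {device: {"ignored_rules": [...], "unsynced_policies": [...]}}.

    zone_members maps zone name -> {device name -> set of interface names}.
    Zones are global but interfaces are added per device, so a zone can be
    populated on one device and empty on another.
    """
    report = {}
    for device in devices:
        ignored, policies = [], set()
        for rule in rules:
            used = set(rule.src_zones) | set(rule.dst_zones)
            # A zone is empty on this device if it is unknown or has no interfaces.
            empty = sorted(z for z in used
                           if not zone_members.get(z, {}).get(device))
            if empty:
                ignored.append((rule.name, empty))
                policies.add(rule.policy)
        report[device] = {"ignored_rules": ignored,
                          "unsynced_policies": sorted(policies)}
    return report

# Constructed sample inventory (all names are hypothetical).
ZONES = {
    "LAN": {"fw-hq": {"eth1", "eth2"}, "fw-branch": {"eth1"}},
    "WAN": {"fw-hq": {"eth0"}, "fw-branch": {"eth0"}},
    "DMZ": {"fw-hq": {"eth3"}},  # no DMZ interface on fw-branch
}
RULES = [
    Rule("default", "lan-to-wan", ("LAN",), ("WAN",)),
    Rule("default", "wan-to-dmz", ("WAN",), ("DMZ",)),
]

if __name__ == "__main__":
    for device, result in audit(RULES, ZONES, ["fw-hq", "fw-branch"]).items():
        print(device, result)
```
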

Kaspersky NGFW supports two types of security zones:

The table of security zones is displayed in the Application & Services → NGFW → Security zones section.

The table contains the following information about security zones:
