DocsYouTube ChannelDevNetCisco Defense Orchestrator DocsFirewall How To Community
Guides

Scenario 3 - Security Zones

Suggest Edits

A Security Zone is a type of Interface object that is useful when you want to create rules or process traffic based on the inbound/outbound interface(s). Zones can also contain interfaces from multiple devices so if, for example, you name a zone "Outside" you can add interfaces from multiple firewall devices to the zone. That way, any policy you assign to a device with a zone of "Outside" will process traffic in the same manner.

As with other objects, it is handy to have zones defined before you have to use them in your device configuration. We will setup several Security Zones to be used by our dCloud FTD firewall.

πŸ“˜

Lab Tasks

These are the tasks in this scenario. If you are familiar with the Secure Firewall you may do these on your own, or for step-by-step instructions see below.

  • Task 1 - Create the following routed mode Security Zones
    • OutZone
    • InZone1
    • InZone2
    • InZone3
    • InZone4

Task 1 - Create Zones

  1. From the FMC2 web UI, navigate to Objects > Object Management

    1. On the left panel click on Interface then click Add > Security Zone
    2. When creating Security Zones you have two options. First, you can create the zones ahead of time and then assign them to interfaces as you configure your devices. This is the method we are using.
      The second method is to create interfaces on your devices but not configure a zone. After you create the interfaces, you can create the Security Zone in the interface page itself or add the interfaces to an existing zone.
      Because we are using the first method, we do not have to specify the device or interface for our zones - just the name and zone type.
    3. We will create five Security Zones which we will use for our dCloud firewalls.
      1. OutZone
      2. InZone1
      3. InZone2
      4. InZone3
      5. InZone4

  2. In the Name field enter OutZone

    1. In the Interface Type dropdown, select Routed.

    2. Click Save to save the Security Zone.

    3. Repeat the steps above and create routed Security Zones for: InZone1, InZone2, InZone3 and InZone4

  3. When you are finished, you should have zones appearing as shown below.


πŸ‘

Tell us how we are doing

We are doing our best to ensure the scenarios in this lab guides are useful, clear and work as expected.

Please share your thoughts to help us improve or fix any problems you may run into..

Click here to provide your feedback or report an issue with this guide

Updated 5 months ago

What’s Next

Proceed to the next scenario below.

Β© 2024 Cisco Systems, Inc.
Title of the document The current suggested release is 7.4.2 Release 7.7 is live! Reminder that 7.7 firewalls are Snort 3 only