SD-WAN


Forum to discuss HPE Aruba EdgeConnect SD-WAN and SD-Branch solutions. This includes SD-WAN Orchestration WAN edge network functions - routing, security, zone-based firewall, segmentation and WAN optimization, micro-branch solutions, best practices, and third-party integrations. All things SD-WAN!

Segments & zones - zone based firewall

  • 1.  Segments & zones - zone based firewall

    Posted Sep 30, 2021 02:46 PM
    Hi,

    Could someone please explain, with an example/scenario, how we do segmentation on branch traffic by creating segments and zones? If I understand it right, we can create different segments and then within segments we can have up to 3 different zones? Then how can we define which segment or zone traffic uses which BIOs?

    Thanks

    ------------------------------
    Yas LG
    ------------------------------


  • 2.  RE: Segments & zones - zone based firewall

    EMPLOYEE
    Posted Oct 01, 2021 05:35 AM
    Hi,

    3 zones per segment is definitely incorrect. There's no limit as to the number of zones you could have in a given segment. You could then associate segments with BIOs. Typically, the BIOs will get applied to all segments. Zones will ensure security segmentation within each segment or between segments is enforced.

    ------------------------------
    Eyad
    ------------------------------



  • 3.  RE: Segments & zones - zone based firewall

    Posted Oct 01, 2021 10:24 AM
    Thanks for the reply. So let's say we have 2 segments: trusted and untrusted. On the trusted segment, we have a zone for open internet (like colleagues trying to reach the internet), and on the untrusted segment, we have guest users' traffic. Both need to locally break out to a cloud-based proxy. Can I associate both with one BIO, or do the trusted and untrusted zones need to have different BIOs?


  • 4.  RE: Segments & zones - zone based firewall

    EMPLOYEE
    Posted Oct 01, 2021 10:33 AM
    In this case I'd probably only use 1 segment, 1 BIO with Internet breakout and 2 zones (trusted and untrusted). The security policies matrix will allow you to apply different filtering and whitelisting policies to the corporate and guest users.

    ------------------------------
    Eyad
    ------------------------------