SD-WAN

  • 1.  Segments & zones - zone based firewall

    Posted Sep 30, 2021 02:46 PM
    Hi,

    Could someone please explain, with an example/scenario, how we do segmentation on branch traffic by creating segments and zones? If I understand it right, we can create different segments and then within segments we can have up to 3 different zones? Then how can we define which segment or zone traffic uses which BIOs?

    Thanks

    ------------------------------
    Yas LG
    ------------------------------


  • 2.  RE: Segments & zones - zone based firewall

    Posted Oct 01, 2021 05:35 AM
    Hi,

    3 zones per segment is definitely incorrect. There's no limit as to the number of zones you could have in a given segment. You could then associate segments with BIOs. Typically, the BIOs will get applied to all segments. Zones will ensure security segmentation within each segment or between segments is enforced.

    ------------------------------
    Eyad
    ------------------------------



  • 3.  RE: Segments & zones - zone based firewall

    Posted Oct 01, 2021 10:24 AM
    Thanks for the reply. So let's say we have 2 segments: trusted and untrusted. On the trusted segment, we have a zone for open internet (like colleagues trying to reach the internet), and then on the untrusted segment, we have guest users' traffic. Both need to locally break out to a cloud-based proxy. Can I associate both with one BIO, or do the trusted and untrusted zones need to have different BIOs?


  • 4.  RE: Segments & zones - zone based firewall

    Posted Oct 01, 2021 10:33 AM
    In this case I'd probably only use 1 segment, 1 BIO with Internet breakout and 2 zones (trusted and untrusted). The security policies matrix will allow you to apply different filtering and whitelisting policies to the corporate and guest users.

    ------------------------------
    Eyad
    ------------------------------