What’s this security policy ‘type’ thing anyway?

Migrating security platforms can be a Herculean task, especially when moving from a non-zone based system and needing to build a security policy up from scratch. Soon enough, you might start to look like this guy:

When creating a security policy, there's a dropdown called 'Rule Type' available that can considerably change the dynamic of how security policies work for you, if applied appropriately!

[Image: rule type.png, the 'Rule Type' dropdown in the security policy editor]


The difference in behavior introduced by this seemingly simple 'type' setting is significant: it changes a policy from the traditional behavior, where any object in the source field matches any object in the destination field, to an exclusive operator on the zones involved in the session.


An 'intrazone' type policy will only allow (or block) sessions that stay inside the same zone. This is very useful when the firewall is set up in Layer 2 mode and bridges VLANs from one switch stack to the other, with each VLAN represented by a zone.


An 'interzone' type policy is the exact opposite: it will only match sessions from one zone to a different zone, even if the same zone is listed in both the source and destination fields. This is useful when many bidirectional policies need to be set up without inadvertently allowing or blocking sessions inside a zone.


[Image: zone types.png, intrazone versus interzone session matching]
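To make the three rule types concrete, here is an added example (not from the original post) that models how the zone portion of a rule is evaluated: a universal rule matches any listed source zone to any listed destination zone, while the intrazone and interzone types add the "same zone" or "different zone" condition on top. The zone names, rule names and the two-VLAN bridging scenario are constructed for illustration; the model ignores addresses, applications and services, and unmatched traffic falls through to the predefined intrazone-default (allow) and interzone-default (deny) rules.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

ANY = frozenset({"any"})

@dataclass(frozen=True)
class Rule:
    name: str
    src_zones: FrozenSet[str]
    dst_zones: FrozenSet[str]
    action: str                   # "allow" or "deny"
    rule_type: str = "universal"  # "universal", "intrazone" or "interzone"

    def matches(self, src: str, dst: str) -> bool:
        # Step 1: the session's zones must be listed (or "any") in the rule,
        # exactly as a traditional universal rule evaluates them.
        if self.src_zones != ANY and src not in self.src_zones:
            return False
        if self.dst_zones != ANY and dst not in self.dst_zones:
            return False
        # Step 2: the rule type acts as an extra operator on top of that match.
        if self.rule_type == "intrazone":
            return src == dst  # only sessions that stay inside one zone
        if self.rule_type == "interzone":
            return src != dst  # only sessions that cross between zones
        return True  # universal: any listed source to any listed destination

def evaluate(rules: List[Rule], src: str, dst: str) -> Tuple[str, str]:
    """First-match evaluation; unmatched traffic falls to the two predefined
    default rules (intrazone-default allows, interzone-default denies)."""
    for rule in rules:
        if rule.matches(src, dst):
            return rule.name, rule.action
    return ("intrazone-default", "allow") if src == dst else ("interzone-default", "deny")

# Constructed zones and rules for the Layer 2 VLAN-bridging scenario.
VLANS = frozenset({"vlan10", "vlan20"})
# Same zones in source and destination; the interzone type keeps the rule
# away from traffic that stays inside a single VLAN.
INTERZONE_RULES = [Rule("bridge-allow", VLANS, VLANS, "allow", "interzone")]
# The identical rule as universal also matches vlan10 -> vlan10.
UNIVERSAL_RULES = [Rule("bridge-allow", VLANS, VLANS, "allow", "universal")]
# An intrazone rule that blocks everything staying inside one zone.
INTRAZONE_RULES = [Rule("block-inside-vlan", ANY, ANY, "deny", "intrazone")]

if __name__ == "__main__":
    for src, dst in [("vlan10", "vlan10"), ("vlan10", "vlan20")]:
        print(src, "->", dst, evaluate(INTERZONE_RULES, src, dst), evaluate(UNIVERSAL_RULES, src, dst))
```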


For more nifty tricks to tighten up your security policy, check out this article: Optimize Your Security Policy


Reaper out
