Why should I use Firewall Zones and not just Address Objects?

Posted by SRobertJames on Server Fault See other posts from Server Fault or by SRobertJames
Published on 2011-01-16T02:18:59Z Indexed on 2011/01/16 2:54 UTC
Read the original article Hit count: 388

Filed under:
|
|
|
|

I appreciate Firewall Address Objects and Address Groups - they simplify management by letting me give a name to a group of addresses.

But I don't understand what Firewall Zones (LAN, WAN, DMZ, etc.) do for me over Address Groups. I know all firewalls have them, so there must be a good reason. But what do I gain by stating a rule applies to all traffic from LAN Zone to WAN Zone which comes from LAN Address Group to WAN Address Group? Why not just mention the Address Groups?

© Server Fault or respective owner

Related posts about networking

Related posts about firewall