Why should I use Firewall Zones and not just Address Objects?
Posted
by
SRobertJames
on Server Fault
See other posts from Server Fault
or by SRobertJames
Published on 2011-01-16T02:18:59Z
Indexed on
2011/01/16
2:54 UTC
Read the original article
Hit count: 388
I appreciate Firewall Address Objects and Address Groups - they simplify management by letting me give a name to a group of addresses.
But I don't understand what Firewall Zones (LAN, WAN, DMZ, etc.) do for me over Address Groups. I know all firewalls have them, so there must be a good reason. But what do I gain by stating a rule applies to all traffic from LAN Zone to WAN Zone which comes from LAN Address Group to WAN Address Group? Why not just mention the Address Groups?
© Server Fault or respective owner