
7 security zone configuration, Overview, Configuring a security zone – H3C Technologies H3C SecBlade IPS Cards User Manual

7 Security Zone Configuration

Overview

With security zones, an administrator can classify interfaces based on security needs, that is, assign them to different zones, thus implementing hierarchical policy management. A security zone can include physical and logical interfaces, and Layer 2 physical trunk interfaces + VLAN. Interfaces added to the same security zone have consistent security needs in security policy control.

As shown in Figure 7-1, you can add the IPS device’s interface connecting to the internal network to the Internal zone, and add the IPS device’s interface connecting to the external network to the External zone. After that, you only need to define security policies for the two security zones. If networking changes, you can modify interfaces in the security zones, instead of modifying security policies. Security zones simplify policy maintenance and separate network services from security services.

Figure 7-1 Security zones
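
The decoupling described in the overview can be modelled in a few lines. The following is an added illustration, not code or configuration from the H3C manual: the interface names, VLAN ID, policy names, and the rule that a trunk + VLAN member takes precedence over a whole-interface member are all assumptions made for the sketch.

```python
from typing import Optional

# Policies are keyed by (source zone, destination zone), never by interface.
# Policy names are placeholders for this sketch.
POLICIES = {
    ("External", "Internal"): "policy-inbound",
    ("Internal", "External"): "policy-outbound",
}

class ZoneMap:
    """Maps zone members to zone names. A member is a whole interface
    (vlan=None) or one VLAN on a Layer 2 trunk interface."""

    def __init__(self):
        self._zone_of = {}  # (interface, vlan) -> zone name

    def assign(self, zone: str, interface: str, vlan: Optional[int] = None):
        self._zone_of[(interface, vlan)] = zone

    def remove(self, interface: str, vlan: Optional[int] = None):
        self._zone_of.pop((interface, vlan), None)

    def zone_for(self, interface: str, vlan: Optional[int] = None):
        # Assumed precedence: trunk + VLAN member first, then the whole interface.
        if (interface, vlan) in self._zone_of:
            return self._zone_of[(interface, vlan)]
        return self._zone_of.get((interface, None))

def policy_for(zones, in_if, out_if, vlan=None):
    """Return the policy for traffic entering in_if and leaving out_if,
    or None when either side belongs to no zone (worth flagging in an audit)."""
    src, dst = zones.zone_for(in_if, vlan), zones.zone_for(out_if, vlan)
    if src is None or dst is None:
        return None
    return POLICIES.get((src, dst))

def sample_zones():
    # Constructed interface names and VLAN ID, for illustration only.
    zones = ZoneMap()
    zones.assign("Internal", "ge0/0")
    zones.assign("External", "ge0/1")
    zones.assign("Internal", "trunk0/2", vlan=10)  # trunk interface + VLAN member
    return zones

if __name__ == "__main__":
    z = sample_zones()
    print(policy_for(z, "ge0/1", "ge0/0"))            # uplink on ge0/1
    z.remove("ge0/1"); z.assign("External", "ge0/3")  # uplink moves to ge0/3
    print(policy_for(z, "ge0/3", "ge0/0"), policy_for(z, "ge0/1", "ge0/0"))
```

After the uplink moves, only the zone membership changes; the policy table is untouched, and the interface that left its zone resolves to no policy at all, which is the case an audit of zone membership should catch.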

Configuring a Security Zone

Configuration Task List

Perform the tasks in Table 7-1 to configure a security zone.

Table 7-1 Security zone configuration task list

| Task | Description |
|------|-------------|
| Creating a Security Zone | Required. Create a security zone and add interfaces to it. By default, no security zone is created. |