F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
30
Figure 23 Network diagram
When the source zone is not any, the destination zone cannot be any either.
The source zone can be any, but configuring the source zone as any might cause the device
unconfigurable. To avoid this problem, the system defines the rule that the Management zone does not
belong to the any zone.
24B
Configuring the security zone in the Web interface
128BRecommended configuration procedure
Ste
p
Remarks
1. 568HCreating a security zone
Optional.
By default, the default VD Root has the following security zones:
Management, Local, Trust, DMZ, and Untrust, and no security zone exists
on user-defined VDs.
2. 569HAdding members to the
security zone
Required.
Add Layer 3 interfaces and Layer 2 interfaces with their VLANs to the
security zone.
The interfaces and VLANs must belong to the same VD as the security
zone. For how to assign interfaces and VLANs to a VD, see System
Management and Maintenance Configuration Guide.
Interfaces must be added to a security zone to operate properly.
The security zone Local represents the device itself, and no interface can be added to the zone as a
member.
129BCreating a security zone
1. Select Device Management > Zone from the navigation tree to enter the security zone management
page.