This sub-section lets you precisely define each of the groups of computers (zones) the firewall has to deal with. The introductory screen summarizes the current configuration and lets you manage the three components of the zone definition process.
Do not forget to click the "Apply" button when you have finished configuring the zones in this sub-section.
First, you have to define the zone names. Think carefully about the zones your current network configuration may need. Three names are provided by default, as you can see in the first table, which sums up the defined names. This default allows a simple yet safe configuration of your network.
For each of the defined zone names, click on the corresponding icon to modify the names associated with that zone, or to permanently remove that zone.
If you wish to define a new zone, click on the "Add Zone" icon.
There is a special zone, "fw", that is not listed here but always exists. It designates the "firewall" zone: a zone made of a single machine, the firewall server itself.
Next, you must tell the system about each network interface configured on your firewall and the zone associated with it.
The table here lists the interfaces and their associated zones. A zone name of "-" means that several zones are attached to this interface. Those special "host" zones are defined in the third part of the page, below.
For each of the defined interfaces, click on the corresponding icon to modify the zone associated with that interface or its options, or to permanently remove that interface.
If you wish to add a new interface, click on the "Add Interface" icon.
Finally, in the last part of the page you can define the possible "host" zones. These zones are made up of a group of computers that share a single Ethernet interface of the firewall with other computers, but that you want treated differently from the other machines connected to that same interface. The machines belonging to a "host" zone are identified by their subnet mask.
For example, this is useful if your Internet server is physically connected to your LAN. You simply associate the DMZ zone with a "host" zone made of a single machine: the Internet server.
For each of the defined "host" zones, click on the corresponding icon to modify its configuration, or to permanently remove it.
If you wish to add a new "host" zone, click on the "Add Host" icon.
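The following added example (not part of the original documentation or of the product's code) models the interface table and the "host" zones described above, and checks which zone a machine ends up in. The interface names, addresses, the zone names "lan" and "wan", and the rule that the most specific subnet wins are assumptions made for the example.

```python
import ipaddress

# Constructed sample configuration: interface names, addresses and the
# zone names "lan"/"wan" are assumptions made for this example.
INTERFACES = {"eth0": "-", "eth1": "wan"}   # "-": several zones share eth0
HOST_ZONES = [                               # (zone, interface, subnet)
    ("lan", "eth0", "192.168.1.0/24"),
    ("dmz", "eth0", "192.168.1.10/32"),      # one machine: the Internet server
]

def zone_for(interface, address, interfaces=INTERFACES, host_zones=HOST_ZONES):
    """Zone of traffic entering `interface` from `address`, or None."""
    if interface not in interfaces:
        raise KeyError(f"interface {interface!r} is not declared")
    ip = ipaddress.ip_address(address)
    matches = []
    for zone, iface, subnet in host_zones:
        net = ipaddress.ip_network(subnet)
        if iface == interface and ip in net:
            matches.append((net.prefixlen, zone))
    if matches:
        return max(matches)[1]          # assumption: most specific subnet wins
    zone = interfaces[interface]
    return None if zone == "-" else zone   # "-" with no match: unclassified

def lint(interfaces=INTERFACES, host_zones=HOST_ZONES):
    """Return a list of gaps that would leave machines without a zone."""
    problems = []
    for iface, zone in interfaces.items():
        if zone == "-" and not any(i == iface for _, i, _ in host_zones):
            problems.append(f"{iface}: zone is '-' but no host zone uses it")
    for zone, iface, _ in host_zones:
        if iface not in interfaces:
            problems.append(f"{zone}: interface {iface} is not declared")
    return problems

if __name__ == "__main__":
    for iface, addr in [("eth0", "192.168.1.10"), ("eth0", "192.168.1.55"),
                        ("eth1", "203.0.113.7"), ("eth0", "10.0.0.1")]:
        print(iface, addr, "->", zone_for(iface, addr))
    print("lint:", lint() or "no problems")
```

A result of None for an address on a "-" interface means no "host" zone covers that machine, which is worth checking before you click "Apply".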