A security zone, or simply a zone, is a security concept introduced by the device. Most security policies are implemented based on security zones.
A security zone is a set of networks connected by interfaces. Users on these networks have the same security attributes.
If a network security device checks every packet one by one, it consumes a large amount of resources and its performance is severely degraded. Moreover, it is unnecessary to check all packets. For this reason, a packet check mechanism based on security zones was introduced in the network security field.
With this mechanism, the network administrator can group network devices at the same security level into one security zone. Because the network devices in a security zone are at the same security level, the FW considers that data flows within the same security zone bring no security risk, so no security policy is required for them. The FW triggers the security check and implements security policies only on data flows between security zones.
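The zone-based check described above, modeled as an added example (not the device's own code or configuration). The interface names, zone names, rules, and the deny defaults for unzoned interfaces and unmatched interzone flows are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample topology: interface -> security zone (all names are assumptions).
IFACE_ZONE = {
    "GE0/0/1": "trust",
    "GE0/0/2": "trust",
    "GE0/0/3": "dmz",
    "GE0/0/4": "untrust",
}

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]  # None matches any destination port
    action: str              # "permit" or "deny"

# Constructed interzone policy, evaluated top-down; the first match wins.
POLICY = [
    Rule("trust", "untrust", None, "permit"),
    Rule("untrust", "dmz", 443, "permit"),
    Rule("dmz", "trust", None, "deny"),
]

def decide(in_if, out_if, dst_port, iface_zone=IFACE_ZONE, policy=POLICY):
    """Return (action, reason) for a flow entering in_if and leaving out_if."""
    src, dst = iface_zone.get(in_if), iface_zone.get(out_if)
    if src is None or dst is None:
        # Assumption: an interface that belongs to no zone cannot forward traffic.
        return "deny", "interface not in a zone"
    if src == dst:
        # Same security level: the model on this page applies no policy check.
        return "permit", f"intrazone ({src}), no policy check"
    for n, r in enumerate(policy, 1):
        if (r.src_zone, r.dst_zone) == (src, dst) and r.dst_port in (None, dst_port):
            return r.action, f"interzone rule {n}"
    # Assumption: an interzone flow that matches no rule is dropped.
    return "deny", "interzone, no matching rule"

if __name__ == "__main__":
    flows = [("GE0/0/1", "GE0/0/2", 445), ("GE0/0/1", "GE0/0/4", 80),
             ("GE0/0/4", "GE0/0/3", 443), ("GE0/0/4", "GE0/0/3", 22),
             ("GE0/0/4", "GE0/0/1", 3389)]
    for flow in flows:
        print(flow, "->", decide(*flow))
```

The first sample flow stays inside the trust zone and is forwarded without any rule being consulted, which is why the placement of interfaces into zones decides what the policy can see at all.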
In summary, in addition to forwarding packets directly, the FW supports creating security zones and allows the network administrator to implement security checks on special packets and enable the security function on the basis of security zones.