Network Configuration Example

The following example gives an overview of creating zones to control access to servers, Human Resources machines, and Accounting machines on your network.

First, create zones that contain the machines for which you need to control access. You can add IPs to a zone individually, by subnet:mask, or by CIDR definitions.

  1. Create one zone that contains only your internal servers.
  2. Create another zone that contains only your external servers.
  3. Create a zone that contains the machines that need access to HR information.
  4. Create a zone that contains the machines that need access to Accounting information.
  5. All other devices remain only in the perimeter zone.

The following diagram illustrates this network configuration.

Once the zones are defined, create rules to specify access for each zone.

  • Internal rules to allow machines within the same zone to communicate with each other.
  • Server rules to allow network machines to communicate with the internal and external servers.
  • Access rules to block Accounting machines and HR machines from communicating with each other.
  • Access rules to block all other machines from accessing HR or Accounting.

When any unauthorized access is attempted, the connection is immediately terminated.
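
The zone and rule layout above, modeled in Python as an added example (not the product's own configuration syntax or code). The addresses are constructed, the function names are hypothetical, and treating traffic the page does not mention as blocked is an assumption.

```python
import ipaddress

# Constructed sample addresses; zone names follow the page's example.
ZONES = {
    "internal_servers": ["10.0.1.0/24"],                   # CIDR
    "external_servers": ["203.0.113.10", "203.0.113.11"],  # individual IPs
    "hr": ["10.0.20.0:255.255.255.0"],                     # subnet:mask
    "accounting": ["10.0.30.0/24"],
}
SERVER_ZONES = {"internal_servers", "external_servers"}
RESTRICTED_ZONES = {"hr", "accounting"}

def parse_member(spec):
    """Turn a single IP, subnet:mask or CIDR entry into an ip_network (IPv4 only)."""
    if ":" in spec:
        subnet, mask = spec.split(":", 1)
        spec = f"{subnet}/{mask}"
    # strict=True rejects entries with host bits set, e.g. a mistyped 10.0.20.5/24
    return ipaddress.ip_network(spec, strict=True)

NETWORKS = {z: [parse_member(m) for m in members] for z, members in ZONES.items()}

def zone_of(ip):
    """Return the zone holding ip; unlisted devices fall in the perimeter zone."""
    addr = ipaddress.ip_address(ip)
    hits = [z for z, nets in NETWORKS.items() if any(addr in n for n in nets)]
    if len(hits) > 1:
        # A machine in two zones would make the HR/Accounting split ambiguous.
        raise ValueError(f"{ip} matches overlapping zones {hits}")
    return hits[0] if hits else "perimeter"

def decide(src_ip, dst_ip):
    """Decide a new connection from src_ip to dst_ip: 'allow' or 'block'."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "allow"   # internal rule: same zone
    if dst in RESTRICTED_ZONES:
        return "block"   # access rules: HR/Accounting closed to every other zone
    if dst in SERVER_ZONES:
        return "allow"   # server rule
    return "block"       # assumption: anything the page does not list is denied

if __name__ == "__main__":
    for src, dst in [("10.0.20.5", "10.0.30.7"), ("192.168.5.5", "10.0.1.8")]:
        print(src, "->", dst, decide(src, dst))
```

Running a table of expected source and destination pairs through a model like this before deploying the rules is a quick way to catch a zone definition that is too wide or overlaps another zone.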