Most firewalls are zone-based firewalls. This means that interfaces can be assigned to zones in the firewall, and security and policies can then be managed by controlling traffic moving between the zones rather than into or out of a specific interface. This allows for more flexible control over the traffic while reducing the administrative overhead of configuration. A number of predefined zones are created upon installation. These are referred to as the system zones and include:

When a VPN is established, the port or interface used by the connection is dynamically added to the zone and removed when the connection is disconnected.

An administrator can also create additional zones in order to further customize traffic flow and security.
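The zone model described above, as an added Python sketch that is not taken from any firewall product: rules name zone pairs only, so attaching or detaching an interface (such as a VPN tunnel) changes what traffic is covered without touching the rules. The interface names, the zone names `inside`, `outside`, `vpn` and `guest`, first-match rule order and the default drop are all assumptions of this model.

```python
from dataclasses import dataclass, field


@dataclass
class ZoneFirewall:
    """Toy model: rules reference zone pairs, never individual interfaces."""
    iface_zone: dict = field(default_factory=dict)  # interface name -> zone name
    rules: list = field(default_factory=list)       # (src_zone, dst_zone, port, action)

    def attach(self, iface, zone):
        self.iface_zone[iface] = zone

    def detach(self, iface):
        self.iface_zone.pop(iface, None)

    def add_rule(self, src_zone, dst_zone, port, action):
        self.rules.append((src_zone, dst_zone, port, action))

    def decide(self, in_iface, out_iface, port):
        src = self.iface_zone.get(in_iface)
        dst = self.iface_zone.get(out_iface)
        if src is None or dst is None:
            return "drop"  # interface belongs to no zone, so no rule can match
        for r_src, r_dst, r_port, action in self.rules:  # assumed: first match wins
            if (r_src, r_dst) == (src, dst) and r_port in (port, "any"):
                return action
        return "drop"      # assumed default: deny anything not explicitly allowed


def build_demo():
    fw = ZoneFirewall()
    # Constructed interface and zone names, for illustration only.
    fw.attach("eth0", "inside")
    fw.attach("eth2", "inside")   # second interface, covered by the same rules
    fw.attach("eth1", "outside")
    fw.attach("eth3", "guest")    # administrator-created zone
    fw.add_rule("inside", "outside", 443, "accept")
    fw.add_rule("vpn", "inside", 22, "accept")
    fw.add_rule("guest", "inside", "any", "drop")
    fw.add_rule("guest", "outside", 443, "accept")
    return fw


if __name__ == "__main__":
    fw = build_demo()
    print("tunnel down:", fw.decide("tun0", "eth0", 22))
    fw.attach("tun0", "vpn")      # VPN established: interface joins the zone
    print("tunnel up:  ", fw.decide("tun0", "eth0", 22))
    fw.detach("tun0")             # VPN disconnected: interface leaves the zone
    print("tunnel down:", fw.decide("tun0", "eth0", 22))
```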

When creating a zone for use with interfaces, there are a number of options that can help to secure the zone or open it to specific traffic. As with most items, we begin by giving the new zone a name and, optionally, a description.