TZ300 vs TZ370 firewall rules in general
Hi,
Both firewalls have a traffic matrix (LAN to WAN, WAN to LAN, etc.) that allows one to easily view rule sets for each of these traffic cases, but I noticed the TZ300's matrix is about physical interfaces whereas the TZ370 is about zones (I discovered 'zones' yesterday investigating this).
- Broadly speaking, would you say the TZ370 is a zone-based firewall and the TZ300 is not?
- Can TZ300 rules be imported into a TZ370?
- Is it possible to build a zero-trust network with TZ370s specifically, and zone-based firewalls in general?
Zones are apparently based on trust. What good is that model if one of your trusted machines is compromised?
Best Answers
MarkD Cybersecurity Overlord ✭✭✭
There is no difference in the implementation of rules between Gen 6 and Gen 7 TZ - Gen 7
Interfaces are in Zones
Gen 7 - is Zones
Gen 6 - is Zones, it just doesn't say Zones
As for rules:-
SonicWALL provide a migration tool within the Tools/Migration tool of your my SonicWALL Portal.
0
Arkwright Community Legend ✭✭✭✭✭
> Zones are apparently based on trust.
Zones are groups of interfaces. The "trust level" is a shorthand for, "by default, should traffic from here to there be allowed or not?". You can tweak the default rules to taste.
> What good is that model if one of your trusted machines is compromised?
How the firewall is managed won't make any difference to defending internal machines from each other - traffic to and from the same network will not pass through the firewall, so it cannot act on it. This does not invalidate the firewall zone concept.
1
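The two points in the answer above (a zone's trust level as a default allow/deny, and same-network traffic never reaching the firewall) can be modelled in a few lines. This is an added example, not code from the thread or from SonicWall, and it is a simplified model rather than SonicOS rule evaluation; the zone names, interface names, subnets, trust ranking and the override are all constructed assumptions.

```python
import ipaddress

# Constructed model: a zone is a named group of interfaces, one subnet each.
ZONES = {
    "LAN": {"X0": "192.168.10.0/24", "X2": "192.168.20.0/24"},
    "DMZ": {"X3": "10.0.50.0/24"},
    "WAN": {"X1": "0.0.0.0/0"},
}
# Assumed trust ranking, used only to derive the default rule per zone pair.
TRUST = {"LAN": 2, "DMZ": 1, "WAN": 0}
# Hypothetical administrator override of a default ("tweak to taste").
OVERRIDES = {("LAN", "LAN"): "deny"}


def locate(ip):
    """Return (zone, interface, network) for the most specific matching subnet."""
    addr = ipaddress.ip_address(ip)
    best = None
    for zone, ifaces in ZONES.items():
        for iface, cidr in ifaces.items():
            net = ipaddress.ip_network(cidr)
            if addr in net and (best is None or net.prefixlen > best[2].prefixlen):
                best = (zone, iface, net)
    return best


def evaluate(src, dst):
    """Classify a flow: 'not-inspected', 'allow' or 'deny'."""
    s_zone, s_if, _ = locate(src)
    d_zone, d_if, _ = locate(dst)
    if s_if == d_if:
        # Same network: delivered by the switch, the firewall never sees it.
        return "not-inspected"
    if (s_zone, d_zone) in OVERRIDES:
        return OVERRIDES[(s_zone, d_zone)]
    # Default: allowed toward equal or lower trust, denied toward higher trust.
    return "allow" if TRUST[s_zone] >= TRUST[d_zone] else "deny"


if __name__ == "__main__":
    flows = [("192.168.10.5", "192.168.10.9"),   # same subnet
             ("192.168.10.5", "192.168.20.9"),   # LAN -> LAN, different interface
             ("192.168.10.5", "8.8.8.8"),        # LAN -> WAN
             ("203.0.113.7", "192.168.10.5")]    # WAN -> LAN
    for src, dst in flows:
        print(f"{src:>15} -> {dst:<15} {evaluate(src, dst)}")
```

Only flows that cross an interface get a verdict at all; the first flow stays invisible to the firewall whatever the zone rules say.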
Answers
Thanks, especially about that 'migration tool'