TZ300 vs TZ370 firewall rules in general

B83

Hi,
Both firewalls have a traffic matrix (LAN to WAN, WAN to LAN, etc.) that allows one to easily view rule sets for each of these traffic cases, but I noticed the TZ300's matrix is about physical interfaces whereas the TZ370 is about zones (I discovered 'zones' yesterday investigating this).

1. Broadly speaking, would you say the TZ370 is a zone-based firewall and the TZ300 is not?
2. Can TZ300 rules be imported into a TZ370?
3. Is it possible to build a zero-trust network with TZ370s specifically, and zone-based firewalls in general?

Zones are apparently based on trust. What good is that model if one of your trusted machines is compromised?

MarkD

There is no difference in the implementation if rules between Gen 6 and Gen 7 TZ - Gen 7

Interfaces are in Zones

Gen 7 - is Zones

Gen 6 - is Zones I just doesn't say Zones

As for rules:-

SonicWALL provide a migration tool within the Tools/Migration tool of your my SonicWALL Portal.

Arkwright

Zones are apparently based on trust.

Zones are groups of interfaces. The "trust level" is a shorthand for, "by default, should traffic from here to there be allowed or not?". You can tweak the default rules to taste.

What good is that model if one of your trusted machines is compromised?

How the firewall is managed won't make any difference to defending internal machines from each other - traffic to and from the same network will not pass through the firewall, so it cannot act on it. This does not invalid the firewall zone concept.

B83

Thanks, especially about that 'migration tool'