Managing Zone Hierarchy

Zones can include IPv4 or IPv6 subnets with explicit network addresses or security groups. Security groups can be added or changed through the REST API or when you import a zone list from a CSV file.

The predefined zones are:

  • Internet - This zone represents all addresses that are considered public by SecureTrack, and excludes all addresses that are defined in the other zones. You cannot edit this zone.
  • Unassociated Networks - This zone includes all private addresses that are not included in any other defined zone. You cannot edit this zone.

    You can add this zone to any USP matrix and define the behavior of this zone relative to all other zones or to specific zones in the environment.

    The Unassociated Networks zone is included in the calculations for Violations in SecureTrack, Risk Analysis in SecureChange, and Compliance checks in SecureApp.

    The Unassociated Networks zone is not available for Policy Analysis, Compliance Policy definition, Business ownership, Risk reports, Configuration of risk security zones (Internal/DMZ/external) in Risk Configuration - General, or PCI profile definition.

  • Users Networks - This zone is where you can add the subnets that users use to connect to your network. (Available for devices that support User Identity functionality.)

Zones can also include other zones to build a hierarchy.
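
The following added example (not Tufin code) models how an address resolves to a zone under the rules above: defined zones first, then their parent zones through the hierarchy, and otherwise Unassociated Networks for private addresses or Internet for public ones. The zone names, subnets, result ordering and the use of Python's `ipaddress.is_private` to decide what counts as private are assumptions; SecureTrack's own public/private definition is not given on this page.

```python
import ipaddress

# Constructed sample data: zone names and subnets are hypothetical.
ZONE_SUBNETS = {
    "DMZ": ["192.0.2.0/24"],
    "Finance": ["10.20.0.0/16", "2001:db8:20::/48"],
    "Branch-Offices": ["10.30.0.0/16"],
}
# Parent zone -> child zones it includes (the zone hierarchy).
ZONE_CHILDREN = {"Internal": ["Finance", "Branch-Offices"]}


def ancestors(zone, children=ZONE_CHILDREN):
    """Return every zone that contains `zone` through the hierarchy."""
    found, stack = set(), [zone]
    while stack:
        current = stack.pop()
        for parent, kids in children.items():
            # The `found` check also stops a loop if the hierarchy has a cycle.
            if current in kids and parent not in found:
                found.add(parent)
                stack.append(parent)
    return sorted(found)


def zones_for(address, subnets=ZONE_SUBNETS, children=ZONE_CHILDREN):
    """Return the zones an address falls in: direct matches, then parents."""
    ip = ipaddress.ip_address(address)
    matches = []
    for zone, cidrs in subnets.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if ip.version == net.version and ip in net:
                matches.append((net.prefixlen, zone))
    if not matches:
        # Assumption: ipaddress.is_private stands in for the product's own
        # public/private split, which this page does not define.
        return ["Unassociated Networks"] if ip.is_private else ["Internet"]
    # Longest prefix first, then each matched zone's parents, without repeats.
    ordered = [zone for _, zone in sorted(matches, reverse=True)]
    for zone in list(ordered):
        ordered.extend(ancestors(zone, children))
    return list(dict.fromkeys(ordered))


if __name__ == "__main__":
    for sample in ("10.20.1.5", "192.0.2.10", "172.16.5.1", "8.8.8.8"):
        print(sample, "->", zones_for(sample))
```

Running the same resolution over an inventory of subnets is a quick way to list private ranges that would land in Unassociated Networks before a USP matrix is applied to them.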

In Zones, the Zone Hierarchy shows the parent and child zones of the zones that are selected in the zone list:

[Image: zone hierarchy]

You can select a zone in the hierarchy trees to change it:

[Image: zone hierarchy settings and membership]

Zone Settings and controls (Zone properties, Where used?, and Delete) are the same as in the Zone List. Under Zone Membership, you can do the following:

To add a member to the zone selected in the hierarchy trees:

  1. Select the parent zone and click Add Members.
  2. Select the zones to be added, and click Add selected zones:

    [Image: Add zone members]

    If there are many available zones, you can first filter the list by typing filter text. As you type, only zones whose names include the filter text are displayed.

To remove members from the zone selected in the hierarchy trees:

  1. Below Zone Membership, select the zones to be removed:

    [Image: remove zones]

    If there are many available zones, you can first filter the list by typing filter text. As you type, only zones whose names include the filter text are displayed.

  2. Click Remove from zone.