Configuring the Zone List

You can add, edit, or delete zones. Zones can include IPv4 or IPv6 subnets with explicit network addresses or security groups. Security groups can be added or changed through the REST API or when you import a zone list from a CSV file.

The predefined zones are:

  • Internet: This zone represents all addresses that are considered public by SecureTrack, and excludes all addresses that are defined in the other zones. You cannot edit this zone.

    In Access Requests, the Internet zone (or its default IP address 8.8.8.8) is used to calculate paths between a defined source and a URL category or internet object (for supported devices).

    If your URL categories are located inside your network (rather than on the internet), you can change this zone using the Set Zone as URL Category Zone REST API function.

  • Unassociated Networks: This zone includes all private addresses that are not included in any other defined zone. You cannot edit this zone.

    You can add this zone to any USP matrix and define the behavior of this zone relative to all other zones or to specific zones in the environment.

    The Unassociated Networks zone is included in the calculations for Violations in SecureTrack, Risk Analysis in SecureChange, and Compliance checks in SecureApp.

    The Unassociated Networks zone is not available for Policy Analysis, Compliance Policy definition, Business ownership, Risk reports, Configuration of risk security zones (Internal/DMZ/external), and PCI profile definition.

  • Users Networks: This zone is where you can add the subnets that users use to connect to your network. (Available for devices that support User Identity functionality).
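
The membership rules for the Internet and Unassociated Networks zones can be written as a small classifier, which is useful for spotting private addresses that no defined zone covers. This is an added example, not SecureTrack code: the zone names and subnets are constructed, "private" is read as the RFC 1918 ranges, only IPv4 is handled, and the sample zones do not overlap.

```python
import ipaddress
from collections import defaultdict

# Assumption: "private" means the RFC 1918 ranges (IPv4 only in this sketch).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone list; names and subnets are hypothetical.
ZONES = {
    "DMZ": ["192.168.10.0/24", "203.0.113.0/24"],  # one private, one public subnet
    "Internal": ["10.1.0.0/16"],
}


def classify(address, zones=ZONES):
    """Return the name of the zone an IPv4 address falls into."""
    ip = ipaddress.ip_address(address)
    if ip.version != 4:
        raise ValueError("this sketch models IPv4 only")
    # A defined zone always wins: both predefined zones exclude its subnets.
    for name, subnets in zones.items():
        if any(ip in ipaddress.ip_network(s) for s in subnets):
            return name
    # Private address that no defined zone claims.
    if any(ip in net for net in RFC1918):
        return "Unassociated Networks"
    # Everything else is treated as public.
    return "Internet"


def coverage_report(addresses, zones=ZONES):
    """Group addresses by the zone they resolve to."""
    report = defaultdict(list)
    for addr in addresses:
        report[classify(addr, zones)].append(addr)
    return dict(report)


if __name__ == "__main__":
    # Constructed addresses, e.g. sources and destinations pulled from a rule base.
    sample = ["10.1.4.20", "10.9.0.5", "192.168.10.8",
              "203.0.113.7", "8.8.8.8", "172.20.1.1"]
    for zone, members in coverage_report(sample).items():
        print(f"{zone}: {', '.join(members)}")
```

Addresses reported under Unassociated Networks are private ranges that no zone definition covers, so they are the ones to review when a USP matrix includes that zone.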

Zones can also include other zones to build a hierarchy. You can view and manage explicit network addresses in the Subnets tab of zones.

Network Zone names should not include the ">" character to ensure compatibility across all devices.

Zone properties

When adding or editing zones (via the Zones page, the REST API, or by importing zones from a CSV file), the zone name and description fields are validated.

If you have upgraded from a previous release, the zone fields are not validated. When a zone with an invalid name is edited after the upgrade, a warning message will be displayed.

The following characters are allowed: characters in all languages, integers 0–9, and the special characters + - _ # @ . , : = ! ^ ( )

In Multi-Domain deployments:

  • Super Admins can view the topology and zones in the Global context. Other users that have access to the Global context see that the Network section of SecureTrack is disabled.
  • The types of zones in the zone list are:

    Internet

      How to create: You cannot add, edit or delete the Internet zone.

      Description: A default zone that includes public IP addresses, excluding addresses that are defined in other SecureTrack zones. If you do not have SecureTrack zones defined then the Internet zone is treated as ANY.

      This zone includes an Internet Representing IP Address (default: 8.8.8.8). This address is used in topology path calculations in which the source or destination is the internet. If you are working with Topology Mode, this IP address is used when inserting internet objects directly into the access request.

      You can change the Internet Representing IP Address using the Set Zone as URL Category Zone REST API function.

      Internet zones exclude all RFC1918 addresses and public subnets defined in other zones.

    Unassociated Networks

      How to create: You cannot add, edit or delete the Unassociated Networks zone.

      Description: A predefined zone that includes all private IP addresses that are not included in any other defined SecureTrack zones.

    Users Networks

      How to create: You cannot add, edit or delete the Users Networks zone.

      Description: Predefined zone that is a collection of all the IP addresses used by users. (Available for devices that support User Identity functionality.)

    Regular

      How to create:

      • Click Add Zone
      • Enter the zone details
      • Click Save

      Description: A zone that can only be used in the domain it is created in. A regular zone includes Subnets and Security Groups.

      A Super admin in the Global context can only create regular zones and these zones cannot be seen in other domains.

    Shared

      How to create:

      • Click Add Zone
      • Enter the zone details
      • Select Shared Zone
      • Click Save

      Description: A zone that can be used in any domain, except for the Global context.

      You cannot share a zone that is a parent of an imported zone.

    Imported

      How to create:

      • Click Add Zone
      • Select Select shared zone
      • Select a zone from the list of shared zones from other domains
      • Click Save

      Description: A zone that is used in a domain that it was not created in.

      When you delete an imported zone, the zone is removed from the domain but still exists in the domain it was created in.

What can I do on this page?

  • Add a new zone - Click Add Zone, enter a Zone Name and Description, and click Save.
  • Delete zone - Select the zones you want to delete and click Delete Zones.
  • Change the zone name or description - Click Properties.
  • Check zone usage in SecureTrack reports and queries - Select the zone and click Where used. SecureTrack shows you the dependencies for the selected zones.

How Do I Get Here?

In SecureTrack: Browser > Zones.