Managing Zone Security Groups

A Security Group is a collection of instances that can be used to represent zones for all supported devices. Zones can include IPv4 or IPv6 subnets with explicit network addresses or security groups. Security groups can be added or changed through the REST API or when you import a zone list from a CSV file.

The predefined zones are:

  • Internet - This zone represents all addresses that are considered public by SecureTrack, and excludes all addresses that are defined in the other zones. You cannot edit this zone.
  • Unassociated Networks - This zone includes all private addresses that are not included in any other defined zone. You cannot edit this zone.

    You can add this zone to any USP matrix and define the behavior of this zone relative to all other zones or to specific zones in the environment.

    The Unassociated Networks zone is included in the calculations for Violations in SecureTrack, Risk Analysis in SecureChange, and Compliance checks in SecureApp.

    The Unassociated Networks zone is not available for Policy Analysis, Compliance Policy definition, Business ownership, Risk reports, Configuration of risk security zones (Internal/DMZ/external) in Risk Configuration - General, or PCI profile definition.

  • Users Networks - This zone is where you can add the subnets that users use to connect to your network. (Available for devices that support User Identity functionality.)

Zones can also include other zones to build a hierarchy. You can view the security groups in each zone in the Security Groups tab of zones.

All the security groups of all zones selected in the zone list are displayed. For each security group, the zone it belongs to is displayed. You can also select Include security groups of child zones to recursively display security groups that are indirectly included in the selected zones.

If there are many security groups, you can filter the list by one or more of these fields: Zone, Security Groups, and Description. In the Filter row, type or select a filter. As you type, SecureTrack only shows you the security groups that match the filters.

If you change a zone in a way that creates a Compliance Policy violation, SecureTrack does not automatically send an alert. After you make changes to zones, we recommend that you run your Compliance Policy audits.

To view a security group's zone:

  1. In Zones, select the Security Groups tab.

  2. To filter the results, enter text in the filter area for any of the fields: Zone, Security Group Name, Description. As you type, SecureTrack only shows you the security groups that match the filters.

    When compliance is checked via the Unified Security Policy, any Security Group whose name contains the name you added to the zone will be a match. For example, if the Security Group Name field contains "oursg", all these zone Security Groups will match: "oursg1", "0oursg2", "a_oursg", and so on.
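
The "contains" matching described above means a short name can pull more security groups into a zone than intended. The following is an added example, not SecureTrack code: it previews which groups each zone entry would match and lists groups that land in more than one zone. The zone names, group names and function names are constructed for illustration, and case-sensitive matching is an assumption because this page does not state it.

```python
"""Added example: preview substring matches of zone security group names."""
from collections import defaultdict

# Constructed sample data (hypothetical names, not exported from SecureTrack).
ZONE_ENTRIES = {"DMZ": ["oursg"], "Internal": ["sg1", "db-sg"]}
INVENTORY = ["oursg1", "0oursg2", "a_oursg", "db-sg", "web-sg", "OURSG-legacy"]


def matches(entry, group, case_sensitive=True):
    """'Contains' match as the page describes it.
    Case sensitivity is an assumption; the page does not specify it."""
    if not case_sensitive:
        entry, group = entry.lower(), group.lower()
    return entry in group


def preview(zone_entries, inventory, case_sensitive=True):
    """Return {zone: {entry: [groups whose name contains entry]}}."""
    return {
        zone: {e: [g for g in inventory if matches(e, g, case_sensitive)]
               for e in entries}
        for zone, entries in zone_entries.items()
    }


def findings(zone_entries, inventory, case_sensitive=True):
    """Return (broad, overlap).
    broad:   {(zone, entry): groups matched beyond the exact name}
    overlap: {group: zones} for groups matched into more than one zone."""
    broad, zones_of = {}, defaultdict(set)
    for zone, by_entry in preview(zone_entries, inventory, case_sensitive).items():
        for entry, groups in by_entry.items():
            extra = [g for g in groups if g != entry]
            if extra:
                broad[(zone, entry)] = extra
            for g in groups:
                zones_of[g].add(zone)
    overlap = {g: sorted(z) for g, z in zones_of.items() if len(z) > 1}
    return broad, overlap


if __name__ == "__main__":
    broad, overlap = findings(ZONE_ENTRIES, INVENTORY)
    for (zone, entry), extra in broad.items():
        print(f"{zone}: entry '{entry}' also matches {extra}")
    for group, zones in overlap.items():
        print(f"group '{group}' is matched into zones {zones}")
```

Review the reported matches before running the Compliance Policy audits recommended above, and use a more specific name where an entry matches groups you did not intend to include.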