Network Zones

Overview

Network zones are groups of IPv4 or IPv6 network addresses, such as an organization's internal network or DMZ. Zones can include IPv4 or IPv6 subnets with explicit network addresses or security groups. Security groups can be added, changed and deleted through the REST API or by importing a zone list from a CSV file.

There are three predefined zones:

  • Internet - This zone represents all addresses that are considered public by SecureTrack, and excludes all addresses that are defined in the other zones. You cannot edit this zone.
  • Unassociated Networks - This zone includes all private addresses that are not included in any other defined zone. You cannot edit this zone.

    You can add this zone to any USP matrix and define the behavior of this zone relative to all other zones or to specific zones in the environment.

    The Unassociated Networks zone is included in the calculations for Violations in SecureTrack, Risk Analysis in SecureChange, and Compliance checks in SecureApp.

    The Unassociated Networks zone is not available for Policy Analysis, Compliance Policy definition, Business ownership, Risk reports, Configuration of risk security zones (Internal/DMZ/external) or PCI profile definition.

  • Users Networks - This zone is where you can add the subnets that users use to connect to your network. (Available for devices that support User Identity functionality.)

Zones can also include other zones. This allows you to build a zone hierarchy.
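
The membership rules described above can be checked against an address inventory before zones are defined or imported. The following is an added example, not Tufin code: the zone names, subnets and the "includes" layout are constructed, and treating RFC 1918 and fc00::/7 as "private" is an assumption, since this page does not list the ranges SecureTrack uses.

```python
import ipaddress

# Assumption: "private" = RFC 1918 plus IPv6 unique local (fc00::/7).
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample zones; names, subnets and layout are hypothetical.
ZONES = {
    "DMZ": {"subnets": ["192.168.50.0/24", "203.0.113.0/24"], "includes": []},
    "Branch": {"subnets": ["10.20.0.0/16"], "includes": []},
    "Internal": {"subnets": ["10.10.0.0/16", "fd00:10::/32"], "includes": ["Branch"]},
}

def zone_networks(name, zones, seen=None):
    """All networks of a zone, including those of the zones it includes."""
    seen = set() if seen is None else seen
    if name in seen:  # a cyclic hierarchy must not recurse forever
        return []
    seen.add(name)
    nets = [ipaddress.ip_network(s) for s in zones[name]["subnets"]]
    for child in zones[name]["includes"]:
        nets += zone_networks(child, zones, seen)
    return nets

def _contains(ip, nets):
    return any(ip.version == n.version and ip in n for n in nets)

def classify(addr, zones=ZONES):
    """Return the sorted zone names that contain addr, per the page's rules."""
    ip = ipaddress.ip_address(addr)
    hits = sorted(z for z in zones if _contains(ip, zone_networks(z, zones)))
    if hits:
        return hits
    # Not in any defined zone: private -> Unassociated Networks, else Internet.
    return ["Unassociated Networks"] if _contains(ip, PRIVATE) else ["Internet"]

def unassociated(addrs, zones=ZONES):
    """Inventory addresses that no defined zone covers and that are private."""
    return [a for a in addrs if classify(a, zones) == ["Unassociated Networks"]]

if __name__ == "__main__":
    # Constructed inventory sample.
    for a in ["10.10.5.1", "10.20.1.1", "10.99.0.1", "203.0.113.7", "8.8.8.8"]:
        print(a, classify(a))
```

Addresses returned by `unassociated()` are the ones worth assigning to an explicit zone, since otherwise they are evaluated only through whatever behavior the USP matrix defines for Unassociated Networks.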

You can import zones from CSV format to easily add them to SecureTrack. You can export zones to CSV format, for example to back up the zones.

What Can I See?

You can use these zones to define:

What Can I Do Here?

How Do I Get Here?

Settings > Configuration > Risk > General
