Network Zones
Overview
Network zones are groups of IPv4 or IPv6 network addresses, such as an organization's internal network or DMZ. Zones can include IPv4 or IPv6 subnets with explicit network addresses or security groups. Security groups can be added, changed and deleted through the REST API or by importing a zone list from a CSV file.
The predefined zones are:
- Internet: This zone represents all addresses that SecureTrack considers public and excludes all addresses defined in the other zones. You cannot edit this zone.
  In Access Requests, the Internet zone (or its default IP address, 8.8.8.8) is used to calculate paths between a defined source and a URL category or internet object (for supported devices).
  If your URL categories are located inside your network (rather than on the internet), you can change this zone using the Set Zone as URL Category Zone REST API function.
- Unassociated Networks: This zone includes all private addresses that are not included in any other defined zone. You cannot edit this zone.
  You can add this zone to any USP matrix and define the behavior of this zone relative to all other zones or to specific zones in the environment.
  The Unassociated Networks zone is included in the calculations for Violations in SecureTrack, Risk Analysis in SecureChange, and Compliance checks in SecureApp.
  The Unassociated Networks zone is not available for Policy Analysis, Compliance Policy definition, Business ownership, Risk reports, Configuration of risk security zones (Internal/DMZ/external), and PCI profile definition.
- Users Networks: This zone is where you add the subnets that users use to connect to your network (available for devices that support User Identity functionality).
Zones can also include other zones to build a hierarchy. You can view and manage explicit network addresses in the Subnets tab of zones.
Network Zone names should not include the ">" character to ensure compatibility across all devices.
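How the two catch-all zones relate to user-defined zones, as an added Python example (not Tufin code and not SecureTrack's own algorithm): it checks a zone list for the ">" name restriction and invalid subnets, then reports which zones an address falls in. The zone names, the subnets and the use of Python's `is_private` as the meaning of "private" are assumptions.

```python
import ipaddress

# Constructed sample zone list: hypothetical names and subnets, not SecureTrack data.
SAMPLE_ZONES = {
    "Internal": ["10.0.0.0/8", "fd00:10::/32"],
    "DMZ": ["10.20.30.0/24", "203.0.113.0/24"],
}
INTERNET = "Internet"
UNASSOCIATED = "Unassociated Networks"


def validate_zones(zones):
    """Return a list of problems found in a user-defined zone list."""
    problems = []
    for name, subnets in zones.items():
        if ">" in name:
            problems.append(f"zone name {name!r} contains '>'")
        if name in (INTERNET, UNASSOCIATED):
            problems.append(f"{name!r} is predefined and cannot be edited")
        for subnet in subnets:
            try:
                # strict=True rejects entries with host bits set, e.g. 10.0.0.1/8
                ipaddress.ip_network(subnet, strict=True)
            except ValueError as exc:
                problems.append(f"{name}: bad subnet {subnet!r} ({exc})")
    return problems


def zones_for(address, zones):
    """Return the sorted names of every zone whose subnets contain the address."""
    ip = ipaddress.ip_address(address)
    matches = set()
    for name, subnets in zones.items():
        for subnet in subnets:
            net = ipaddress.ip_network(subnet, strict=False)
            if ip.version == net.version and ip in net:
                matches.add(name)
    if matches:
        return sorted(matches)
    # Assumption: "private" is taken to mean Python's ip.is_private;
    # the page does not say how SecureTrack draws the public/private line.
    return [UNASSOCIATED if ip.is_private else INTERNET]


if __name__ == "__main__":
    print(validate_zones(SAMPLE_ZONES))
    for addr in ("10.20.30.5", "192.168.1.10", "8.8.8.8", "fd00:10::1"):
        print(addr, zones_for(addr, SAMPLE_ZONES))
```

Private addresses that resolve to Unassociated Networks in a check like this are the ones whose behavior is governed only by that zone's row in the USP matrix, so they are worth reviewing before a zone list is imported.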
You can import zones from a CSV file to add them to SecureTrack, and you can export zones to CSV format, for example to back up the zones.
Tufin provides an extension, IPAM Security Policy App (ISPA), that integrates SecureTrack with external IP address management solutions (IPAMs). You can use ISPA to create and maintain accurate SecureTrack zones, increase the value gained from your existing security tools, and maintain consistent visibility over network risk. This will enable you to define better governing policies within the USP and help ensure that the network address accuracy is consistent with ongoing changes to your network. For more information, see IPAM Security Policy App.
What Can I See?
You can use these zones to define:
- Security zone matrix in Unified Security Policy
- Business ownership reports
What Can I Do Here?
- Configure the zone list - Add, delete, edit the name, or view zone dependencies.
- Export or Import a zone list - Import a new zone list, or export the zone list to a CSV file.
- Manage the Zone Hierarchy - View and modify the zone hierarchy.
- Manage zone subnets - Add, edit or delete the subnets in a zone.
- Managing the Users Networks Zone - Manage the User Identity functionality.
- Managing Zone Security Groups - View the Security Groups zones.
How Do I Get Here?
Browser > Zones