Annie-CCSA
Participant

InternalNet vs InternalZone

Hi Guys, 

Is there any difference between the "InternalNet" and "InternalZone" objects we can select in a security policy? (When to use what?)

Based on what I read in the CCSA course, I assume InternalZone could be the group of internal interfaces. InternalNet could be the group of RFC1918 addresses for IPv4...

Or is this all the same?

I'm sorry if this is a stupid question, but I can't find the answer here in CheckMates or in the training courses. Thx.

0 Kudos
3 Replies
PhoneBoy
Admin

They are different kinds of objects (Zone versus group) so they could overlap but are not exactly the same.

0 Kudos
Annie-CCSA
Participant

So InternalZone is a zone, and InternalNet is a group of ... (interfaces, RFC1918, ...?)

Thx.

0 Kudos
PhoneBoy
Admin

Generally, InternalNet is whatever you've defined it to be.
I believe it is used in the CCSA Courseware as a placeholder for "internal network."

To complicate matters, it turns out there is a Dynamic Object called InternalNet, used primarily with SmartLSM.
Dynamic Objects are generally placeholder objects where you set the actual definition on the relevant gateway via the dynamic_objects CLI command.
Some Dynamic Objects (e.g. LocalGateway) are managed automatically.
I don't believe InternalNet is, unless you're using SmartLSM.

This is in comparison to InternalZone, which is defined based on the topology setting for your gateways and includes all the networks behind the relevant interfaces. 

0 Kudos