Hi all,
Is there any functional difference between using zones in policies rather than the direct interface itself in the policies?
Using zone has the transparency layer of changing the underlying interface.
Regards
Behzad
None from a functional. If you have hundred of interfaces , a zone might be beneficial if you need to group similar policy. Just keep in mind if you ever need interface label policy and have zones you can NOT do that. BUT you can still wrote specific policy with src/dst zone and src/dst address to that level of granular
FWIW I hardly use zones unless it's for VPN tunnels.
Ken Felix
PCNSE
NSE
StrongSwan
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.