Using zones to simplify firewall policies
This example shows how grouping multiple interfaces into a zone can simplify firewall policies. In this example, we create VLAN10, VLAN20, and VLAN30 and add them into a zone called LAN Zone. Instead of having to reference all three interfaces separately as a source interface in our firewall policy, we can just use the single zone object.
In addition to VLANs, zones can also group many other kinds of interfaces such as physical ports or IPsec tunnels.