Add security zones (inbound decryption)

This task discusses how to add security zones to an inbound standard decryption policy. A security zone specifies a Firewall Threat Defense device interface that sends traffic to the internal server. Typically, for inbound protection, this will be an internal (or DMZ) interface.

You must choose both a source and destination security zone.

Before you begin

Complete the tasks discussed in Create a standard decryption policy with inbound protection.

Procedure


Step 1

Click Edit next to Security Zones.

Step 2

In the Security Zones dialog box, do any of the following:

  • Select the check box next to a security zone to add to either the source or destination.

  • To create a new security zone, click Create security zone object.

  • Search for a security zone by entering text in the Search Zones field and pressing Enter.

Note

Click Help (the help icon) on any dialog box for more information.

Step 3

Click Add to Source to decrypt traffic that matches the source security zone, or click Add to Destination to decrypt traffic that matches the destination security zone. If you select both source and destination zones, traffic must match both zones to be decrypted.

Typically, your internal server should be the destination of an inbound decryption rule.

The following figure shows an example.

Figure: Sample inbound decryption policy that uses an outside security zone as the source and the inside or DMZ security zone as the destination.

Step 4

Click Save.

Step 5

See Internal server details (inbound decryption).