This statement is TRUE. On Huawei firewalls, security policies are mainly used to control traffic between different security zones. The firewall determines policy matching based on the source zone and destination zone, and these interzone policies decide whether traffic is permitted or denied.
For traffic between users in the same zone, permit security policies generally do not need to be configured. This is because hosts and interfaces belonging to the same security zone are considered to have the same trust level, and their communication is not normally controlled by interzone security policy rules in the same way as traffic moving from one zone to another. In other words, the main purpose of zoning is to define boundaries between different trust levels, not to force permit rules for communications inside a single zone.
This behavior simplifies firewall policy deployment. Administrators mainly need to focus on policy design for traffic such as Trust to Untrust, Untrust to DMZ, or DMZ to Trust, where different trust levels exist. Therefore, for traffic between users in the same zone, a permit action security policy is generally not required.
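The zone-pair logic described above, as an added Python sketch that is not Huawei code or configuration: a simplified evaluator plus an audit helper that flags permit rules written for a single zone. The rule names, addresses and the implicit deny for unmatched interzone traffic are assumptions of this model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    src_net: str
    dst_net: str
    action: str  # "permit" or "deny"

# Constructed sample rule set: zone names come from the text, addresses are invented.
RULES = [
    Rule("web_in", "untrust", "dmz", "0.0.0.0/0", "10.0.2.0/24", "permit"),
    Rule("out", "trust", "untrust", "10.0.1.0/24", "0.0.0.0/0", "permit"),
    Rule("lan_any", "trust", "trust", "10.0.1.0/24", "10.0.1.0/24", "permit"),
]

def evaluate(rules, src_zone, dst_zone, src_ip, dst_ip):
    """Return (action, reason) for one flow in this simplified model."""
    if src_zone == dst_zone:
        # Same trust level: no permit rule is needed for the flow.
        return "permit", "intrazone"
    for r in rules:  # first matching rule wins
        if ((r.src_zone, r.dst_zone) == (src_zone, dst_zone)
                and ip_address(src_ip) in ip_network(r.src_net)
                and ip_address(dst_ip) in ip_network(r.dst_net)):
            return r.action, r.name
    # Assumption of this model: unmatched interzone traffic is denied.
    return "deny", "default"

def redundant_intrazone_permits(rules):
    """Names of permit rules whose source and destination zone are identical."""
    return [r.name for r in rules
            if r.src_zone == r.dst_zone and r.action == "permit"]

if __name__ == "__main__":
    print(evaluate(RULES, "trust", "trust", "10.0.1.5", "10.0.1.9"))
    print(evaluate(RULES, "untrust", "dmz", "198.51.100.7", "10.0.2.10"))
    print(evaluate(RULES, "dmz", "trust", "10.0.2.10", "10.0.1.5"))
    print(redundant_intrazone_permits(RULES))
```
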