Huawei firewalls use security zones to group interfaces that share the same trust level and security policy requirements. In the default configuration, Huawei firewalls provide four built-in zones that cover the most common deployment scenarios.
Trust represents the internal network where users and servers are typically considered more reliable. Untrust represents external networks such as the Internet, where traffic is considered untrusted and usually requires stricter access control and security inspection. DMZ is designed for semi-public servers (for example, web or mail servers) that must be reachable from Untrust but should be isolated from the Trust network to reduce lateral movement risk if a DMZ host is compromised. Local is a special zone that represents the firewall device itself (management plane and control plane). Traffic destined to or originating from the firewall (such as management access, routing protocol packets, or local services) is associated with the Local zone and is controlled using dedicated policies.
Because these four zones are pre-defined and available by default, all listed options are correct.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit