Grouping interfaces and VLAN subinterfaces into zones simplifies policy creation, allowing faster creation of policy and firewall rules. administrators can configure policies for connections to and from a zone, but not between interfaces in a zone. administrators can add zones, rename and edit zones, and delete zones from the zone list. When administrators add a zone, administrators select the names of the interfaces and VLAN subinterfaces to add to the zone.

Zones are configured from physical network adapters.