.. _example_traffic_zone_zone:

####
Zone
####

The following scenario shows how to configure different
``traffic zones``. A ``traffic zone`` is an abstract
concept that allows a set of network interfaces to be isolated
using ``traffic policies``. By default, inter-zone traffic is
not allowed. The latter has to be explicitly defined with
``from-zone`` policies. One ``traffic zone`` can be set
as ``local`` to define the fate of local packets.

.. image:: topology.svg
  :width: 800

*****************
Test Traffic Zone
*****************

Description
===========

In this scenario, three ``traffic zones`` are configured
in DUT0.

The *WAN* zone represents traffic coming from the
Internet. The *LAN* zone represents traffic coming
from the local area network.
*ROUTER* is a special zone for local incoming / outgoing
traffic.

DUT2 is supposed to be a device connected to the LAN
acting as a Web and TFTP server. In DUT0, HTTP traffic
is allowed from the WAN. All traffic is allowed to
go from the LAN side to the WAN side. However, only TFTP
traffic can cross the *ROUTER* zone.

Scenario
========

.. include:: zone/testtrafficzone

.. raw:: html

  <hr>