About Network Segments and Zones

The nodes in the device group map are organized using zones and network segments. All network objects, like firewalls routers, and clusters, are imported from the network configuration. You can move them around the device group map, but they are created, edited, and deleted elsewhere. Segments and zones are dynamic objects that you can create, delete, merge, and organize.

A network segment is a logical grouping of interfaces, addresses, and routes that join different sections of network objects together. You can join two network segments together to create a single network segment.

A zone is a group of network segments. Zones without associated network segments appear as a stack of colored rectangles on the right side of the map. When you open the map for the first time, only the "External" zone will appear. You can add more zones either by creating zones in the map, or importing zones you've defined through an upgrade.

A node is any other type of network object on the device group map: firewalls, routers, and clusters.

When the device group map is first created from the firewall configuration, every interface from every monitored device is automatically placed in its own network segment. Next, the map consolidates the segments that are in the same logical networks. From there, the user can create segments to merge network segments into a single unified network segment, and zones to organize the segments.