{{indexmenu_n>20}}

# Zones

The **Zones** view lets you can configure [firewall zones](/glossary/f/firewall_zone) to group your firewall rules.

## 

At the top of the page is a list of selectable zones.

By default this list contains the LAN and WAN zones, which contain default settings for local and Internet traffic.

When a particular interface is selected, details about it is shown in the configuration section.

## Zone configuration

^ Item ^ Description ^
| Name | Identifier for the zone. |
| Default policy | Default behavior for various traffic. |
| Masquerading | Enable firewall [masquerading](/glossary/m/masquerading). |
| MSS Clamping | [MSS Clamping](/glossary/m/mss_clamping) limit. |
| Allow forward to destination zones | Check zones to permit forwarding. |
| Allow forward from source zones | Check zones to permit forwarding. |
| Zone members | Interfaces that are part of the zone. |


### Default Policy

The default policy setting defines firewall rules that apply unless specific rules override them.

^ Item ^ Description ^
| Input | Incoming traffic from WAN. |
| Output  | Outgoing traffic to WAN. |
| Forward | Traffic from LAN to WAN. |

The different default policy values determine the firewall behavior, through the firewall actions:

{{page>/glossary/f/firewall_action&fullpage}}


### Add Firewall Zone

To add a firewall zone:

* Click the **Add** button

* Enter information in the fields

* Click **Apply**

Once the zone has been created, you can use it with your [connections](../../../network/connections/start).


### Add Zone Members

If you have networks/devices set up, you can add them to the zone.

To add a device as a zone member:

* Click the **Add** button

The **Select network device** dialog opens.

* Open the **select network** menu

* Select the device

* Click **OK**

* Click **Apply**