BYOS Management Console
      Back to home
      1. BYOSwerx Knowledge Base
      2. BYOS Management Console

      Managing Zones

      An overview about how Zones work in the Byos SL Overlay

      Overview

      The Byos Secure Lobby Overlay is an overlay network within the Byos platform. It enables Secure Edges to have secure communications between themselves and the Internet using Layer 2 Tunnels.

      What is a Zone?

      A Zone is a region within the Secure Lobby Overlay, that is used to segment and control traffic between Edges. The Default Zone within the Byos Overlay is set at 172.20.0.X/16

      How does a Zone relate to a Policy Group?

      Policy Groups are assigned to Zones, and thus a Policy Group’s Edges will will be governed by the Zone’s networking settings in the Byos Secure Lobby Overlay.

      How do Zones and Edges Relate?

      An Edge will be enrolled into a Policy Group, and the Zone will thus be inherited from the Group.

      What is the Hierarchy of the Byos Network?

      This is the hierarchy of terms within the Byos Solution:

      • Zones - Network zones within the Byos Secure Lobby Overlay, ability to be
      • Policy Group - A group of Edges, with an assigned set of policies, configured in the Management Console
      • Edge - A Byos Secure Edge device
      • Microsegment - The internal network created by the Byos Edge, isolated from any the outer WAN side of the Edge.
      • Asset - Any Device connected to the Byos Edge, inside the microsegment

      Here is a brief graphic representation of How Zones, Policy Groups, Edges, and Assets Works together:

      • Zone 1
        • Only allowed to access Zone 2 outbound
      • Zone 2
        • allows inbound Access From Zone 1 & Zone 3
        • Is allowed to access Zone 3 outbound
      • Zone 3
        • Bidirectional (inbound and outbound) traffic to and from Zone 2
      Notion Image

      Viewing the Zones In your Byos Secure Lobby Overlay

      Notion Image

      Creating a Zone

      1. Names the Zone.
      1. Select the Network and CIDR for the Zone.
         
         
        ⚠️ Note: the CIDR will impact the amount of Hosts available within the Zone. CIDR: 16 - 65534 Hosts CIDR: 24 - 254 Hosts CIDR: 25 - 126 Hosts CIDR: 26 - 62 Hosts CIDR: 27 - 30 Hosts CIDR: 28 - 14 Hosts CIDR: 29 - 6 Hosts
         
      1. Select which Policy Groups will belong to the Zone.
      1. Select the other Zones that will have inbound access to this newly created Zone.
      1. Select the other Zones this newly created Zone will have outbound access to.
      Notion Image

      Updating a Zone

      When a Zone is clicked on, the side bar will display it’s information. All Zone settings can be modified:

      • Zones Name
      • Zone Network ID & CIDR
      • Inbound and Outbound Connections between Zones
      • Which Policy Groups belong to the Zone
      Notion Image
       

      Deleting a Zone

      When a Zone is deleted, all Policy Groups in that Zone will be moved back to the Default Policy Group. They can be re-assigned once the Zone is deleted.

      ℹ️The Default Zone is not able to be deleted.

      Zone Conflicts

      When creating Zones, it is necessary for each zone to have a unique Network ID to avoid routing conflicts within the Overlay.

      Notion Image

      Internal Microsegment Network IDs set at the Policy Group level also need to be unique so that there are not conflicts between Microsegments and Zones.