Network segmentation

Use this page for east-west and boundary review: where policy paths quietly weaken the separation your network diagram says should exist.

Zone view

Policy paths can weaken segmentation quietly

01

Internal source zone

A normal internal segment such as LAN, Guest, or SSLVPN starts with more access than intended.

02

Broad internal policy path

The sample report includes policies such as LAN to Guest, LAN to DMZ Access, Guest to DMZ, SSLVPN LAN Access, and IPSEC VPN LAN Access.

03

Destination zone becomes too reachable

That broad path weakens the expected separation between internal zones, servers, guests, or remote-access segments.

04

Deterministic finding is raised

ConfigSentry flags the path as "Avoid broad east-west segmentation rules" so engineers can review the actual policy list.

05

Engineer narrows the approved path

The remediation focus is to replace broad internal-zone access with dedicated source objects, destination objects, and narrower service scope.
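
An added example, not ConfigSentry's own logic and not taken from the sample report: a minimal check for the broad internal-zone paths described in steps 01 to 05, with a broad policy beside a narrowed one. It assumes FortiOS-style `config firewall policy` syntax; the interface names, address objects and the INTERNAL set are hypothetical.

```python
import shlex

# Constructed sample in FortiOS-style CLI syntax (an assumption; the page shows no config).
SAMPLE = '''
config firewall policy
    edit 1
        set name "LAN to Guest"
        set srcintf "lan"
        set dstintf "guest"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ALL"
    next
    edit 2
        set name "Guest to DMZ"
        set srcintf "guest"
        set dstintf "dmz"
        set srcaddr "guest-kiosks"
        set dstaddr "dmz-web01"
        set action accept
        set service "HTTPS"
    next
end
'''
INTERNAL = {"lan", "guest", "dmz"}  # hypothetical, site-specific internal interfaces
BROAD = {"srcaddr": "all", "dstaddr": "all", "service": "ALL"}  # catch-all values per field

def parse_policies(text):
    """Collect each edit/next block as a dict of field -> list of values."""
    policies, cur = [], None
    for tok in (shlex.split(line) for line in text.splitlines()):
        if tok[:1] == ["edit"]:
            cur = {"id": tok[1]}
        elif tok[:1] == ["set"] and cur is not None:
            cur[tok[1]] = tok[2:]
        elif tok[:1] == ["next"] and cur is not None:
            policies.append(cur)
            cur = None
    return policies

def broad_east_west(policies):
    """Return (name, broad_fields) for accept policies between two internal interfaces."""
    out = []
    for p in policies:
        internal_path = INTERNAL & set(p.get("srcintf", [])) and INTERNAL & set(p.get("dstintf", []))
        broad = [f for f, v in BROAD.items() if v in p.get(f, [])]
        if p.get("action") == ["accept"] and internal_path and broad:
            out.append((p.get("name", [p["id"]])[0], broad))
    return out
```

Calling `broad_east_west(parse_policies(SAMPLE))` reports only "LAN to Guest", along with the fields that are still catch-all, which is the list an engineer would narrow first.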

Boundary examples

The kinds of access paths engineers usually need to challenge

LAN to Guest and Guest to DMZ

The sample policy names make it obvious how ordinary-looking internal paths can become broader than intended and undermine zone separation.

SSLVPN and IPSEC access into LAN

Remote-access and VPN-linked internal paths are part of the segmentation story too, especially when they become broader than their original business case.

Broad internal rules inside a VDOM

A fully open or weakly constrained internal policy can undo the boundary design the environment is supposed to rely on.

Why this matters

Segmentation evidence needs policy reality, not only diagrams

Architecture diagrams do not prove the policy is still doing the right thing.

ConfigSentry helps engineers review policy paths, objects, services, and logging together so unexpected access is easier to explain.

  • Reduce lateral movement exposure
  • Support internal and audit review with evidence
  • Tighten the boundaries that matter most first

Next step

Use the report for boundary review, then compare it with rule cleanup

Open the sample report if you want to inspect the finding format, or continue into Firewall Rule Review for the broader policy-quality view.