Narrowin Logo

Zone Communication Matrix

Define traffic policies between your network zones


Set a default policy (Deny All or Allow All) for each zone relationship and add exception rules. Click cells to configure. (See also: → VLAN Planner | → Subnet Calculator)


Choose a starting point

Start from Scratch

Empty canvas. Add your own zones.

Purdue Model

OT/ICS zones (Levels 0-5 + DMZ)

Enterprise IT

Users, Servers, DMZ, Management

Import from VLAN Planner

Paste JSON export to import zones

Frequently Asked Questions

A zone communication matrix is an N×N grid showing which network zones are allowed to communicate with each other. Each cell represents one source-to-destination relationship, so the matrix is directional: Users → Servers and Servers → Users are separate cells with separate policies. Every cell carries a default policy (Deny All or Allow All) and optional exception rules for specific protocols and ports.
Each zone relationship has a default policy: Deny All (allowlist approach: block everything except explicitly allowed traffic) or Allow All (denylist approach: permit everything except explicitly blocked traffic). You then add exception rules for specific protocols and ports. Deny All is the recommended default: allow only the traffic a zone actually needs, so that a protocol you did not think of fails closed instead of open. Allow All should be reserved for relationships where you have a documented reason to trust the source zone.
After designing your network zones in the VLAN Planner, click "Copy for Communication Matrix" to copy the zone data. Then open this tool, select "Import from VLAN Planner", and paste. Your zones will be imported automatically so you can define the communication policies between them.
The communication matrix is a planning and documentation tool; it does not enforce anything by itself. To enforce the policies, you configure your network infrastructure so that an enforcement point sits on the actual path between every pair of zones. This typically involves:
  • Firewalls (perimeter or internal) that filter traffic between zones based on your rules
  • Access Control Lists (ACLs) on routers and Layer 3 switches
  • Software-defined networking (SDN) solutions for dynamic policy enforcement
  • Microsegmentation platforms that enforce policies at the endpoint level
Export your matrix as CSV to use as input for firewall rule configuration. When translating it, keep each relationship's default explicit: a Deny All cell should end in its own (logged) deny rule rather than relying on the device's implicit default, and any zone pair missing from the matrix is an undefined relationship that will be decided by that implicit default. Verify the deployed rules by testing traffic between zones, not only by reading the configuration.
No. All processing happens locally in your browser. Your zone and policy data is never sent to any server. When you close the page, the data is gone unless you export it first.
Network segmentation platform

Need help implementing your segmentation?

Our solutions automate network segmentation from planning to deployment, especially for complex OT environments.

  • Automated discovery of existing network structure
  • Policy-based microsegmentation for legacy devices
  • IEC 62443-compliant zone design
  • Hardware- and vendor-independent implementation
Get in touch