Zone Policy
The Zone Policy factor scores the flow based on the policy from the zone matrix. When zones are configured, the matrix defines whether traffic between two zones should be allowed, reviewed, or denied. This factor translates that policy into risk points.
Default max contribution: 20 points.
Scoring table
| Zone Policy | Points | Meaning |
|---|---|---|
| Allow | 0 | Expected, baseline traffic |
| Review | 10 | Needs scrutiny before approval |
| Deny | 20 (max) | Blocked by zone matrix policy |
| No zone match | 5 | Source or destination IP does not match any zone subnet |
| No zone matrix active | 5 | No zones are configured |
How it works
When a flow is validated, netbobr looks up which zone each IP belongs to by matching against zone subnet definitions. If both IPs resolve to a zone, the zone matrix is consulted for the pair's policy. The resulting policy maps directly to the points above.
If either IP does not fall within any defined zone subnet, the "No zone match" score of 5 points is assigned. This reflects the uncertainty of unclassified traffic rather than a policy decision: the flow has not been denied, it simply could not be classified.
If no zone matrix has been configured at all, the same 5-point score applies ("No zone matrix active"). This provides a baseline nudge without penalizing environments that have not yet set up zones.
Interaction with floors
The Zone Policy factor feeds into the floor system. A Deny policy triggers a minimum final score of 51 (High), and a Review policy triggers a minimum of 26 (Medium), regardless of what the other three factors produce.
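The following is an added example, not netbobr's own code, that re-implements the lookup described under "How it works" and the floor behaviour described above in one place. The zone names, subnets, matrix entries, function names and the choice to treat a zone pair missing from the matrix as Deny are all assumptions made for illustration; the point values and floors are the ones from this page.

```python
# Added example: a minimal re-implementation of the Zone Policy factor as
# this page describes it. Not netbobr's own code; zones, subnets, matrix
# entries and function names are hypothetical.
import ipaddress
from typing import Optional

ALLOW, REVIEW, DENY = "allow", "review", "deny"

# Points from the scoring table (default max contribution 20).
POLICY_POINTS = {ALLOW: 0, REVIEW: 10, DENY: 20}
NO_ZONE_MATCH_POINTS = 5
NO_MATRIX_POINTS = 5

# Floors on the final score from "Interaction with floors".
POLICY_FLOORS = {DENY: 51, REVIEW: 26}

# Constructed sample zones (hypothetical subnets, not from the page).
ZONES = {
    "dmz": [ipaddress.ip_network("10.1.0.0/24")],
    "internal": [ipaddress.ip_network("10.2.0.0/16")],
    "mgmt": [ipaddress.ip_network("10.9.0.0/24")],
}

# Constructed sample matrix: (source zone, destination zone) -> policy.
ZONE_MATRIX = {
    ("internal", "dmz"): ALLOW,
    ("dmz", "internal"): REVIEW,
    ("dmz", "mgmt"): DENY,
    ("internal", "mgmt"): REVIEW,
    ("mgmt", "internal"): ALLOW,
    ("mgmt", "dmz"): ALLOW,
}


def zone_for(ip: str, zones=ZONES) -> Optional[str]:
    """Return the name of the first zone whose subnet contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    for name, subnets in zones.items():
        if any(addr in net for net in subnets):
            return name
    return None


def zone_policy_points(src_ip: str, dst_ip: str, zones=ZONES, matrix=ZONE_MATRIX):
    """Return (points, policy) for one flow.

    policy is None when no matrix policy was applied (no zones configured,
    or an IP outside every zone subnet), so callers know no floor applies.
    """
    if not zones or matrix is None:
        return NO_MATRIX_POINTS, None          # "No zone matrix active"
    src_zone, dst_zone = zone_for(src_ip, zones), zone_for(dst_ip, zones)
    if src_zone is None or dst_zone is None:
        return NO_ZONE_MATCH_POINTS, None      # "No zone match"
    # Assumption for this example: a pair absent from the matrix is Deny,
    # so a gap in the matrix fails closed rather than scoring as baseline.
    policy = matrix.get((src_zone, dst_zone), DENY)
    return POLICY_POINTS[policy], policy


def final_score(src_ip: str, dst_ip: str, other_factor_points: int,
                zones=ZONES, matrix=ZONE_MATRIX) -> int:
    """Add the zone points to the other factors' total, then apply the floor.

    The floor is keyed on the policy, not on the points, so the 5-point
    no-match and no-matrix outcomes never raise the score on their own.
    """
    points, policy = zone_policy_points(src_ip, dst_ip, zones, matrix)
    raw = points + other_factor_points
    return max(raw, POLICY_FLOORS.get(policy, 0))


if __name__ == "__main__":
    # dmz -> mgmt is Deny: 20 points, but the floor lifts the result to 51.
    print(final_score("10.1.0.5", "10.9.0.1", other_factor_points=0))
```

Note that a Deny flow with nothing else suspicious about it still lands at 51 (High), and a Review flow whose other factors sum to less than 16 lands at exactly 26 (Medium); above those thresholds the floor is inert and the plain sum is returned. An IP outside every configured subnet scores the 5-point "No zone match" and no floor, which is why a zone matrix with a missing pair is treated here as Deny rather than falling through to the baseline.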