Once inside the firewall, all internal network traffic is trusted.

Trust is granted based on the user's physical location within the network.

All devices, processes, and users must be continuously verified and nothing is inherently trusted.

Security controls are primarily focused on the network perimeter.

Management plane

Control plane

Data plane

Application plane

Multi-factor authentication (MFA)

Network Address Translation (NAT)

Adaptive identity

System permissions

To encrypt all data transmissions.

To categorize network connections based on their origin and destination.

To automatically grant access to all internal users.

To prevent all external network traffic.

To make authentication decisions.

To generate access tokens and credentials.

To act as a gatekeeper, allowing or disallowing traffic based on policies.

To evaluate access decisions based on policy and other information sources.