security zone-policy zone <zone>
Defines a security zone policy.
- zone: The name of a security zone.
You can define more than one security zone by creating more than one zone-policy zone configuration node.
Configuration mode
security {
    zone-policy {
        zone <zone> {
        }
    }
}
In the vRouter, a zone is defined as a group of interfaces that have the same security level. After a zone is defined, firewall rule sets can be applied to traffic flowing between zones.
By default, traffic to a zone is dropped unless a policy has been defined for the zone sending the traffic. Traffic flowing within a zone is not filtered.
When defining a zone, keep the following in mind:
- An interface can be a member of only one zone.
- An interface that is a member of a zone cannot have a firewall rule set directly applied to it.
- For interfaces not assigned to a zone, traffic is unfiltered by default. These interfaces can have rule sets directly applied to them.
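The membership and filtering rules above, modelled as a small policy evaluator. This is an added example, not vRouter code: zone names, interface names (dp0s1 and so on) and the per-zone "from" mapping of sending zone to rule set are constructed sample values that stand in for the rule sets applied between zones.

```python
"""Model of the zone-policy semantics described on this page (added example,
not vRouter code). Zone names, interface names and the 'from' rule-set mapping
are constructed sample values."""
from dataclasses import dataclass, field


@dataclass
class Zone:
    name: str
    interfaces: set = field(default_factory=set)
    # sending zone -> firewall rule set applied to traffic entering this zone
    from_rules: dict = field(default_factory=dict)


class ZonePolicy:
    def __init__(self):
        self.zones = {}

    def add_zone(self, name):
        self.zones[name] = Zone(name)

    def add_interface(self, zone, ifname):
        # Page rule: an interface can be a member of only one zone.
        for z in self.zones.values():
            if ifname in z.interfaces and z.name != zone:
                raise ValueError(f"{ifname} is already a member of zone {z.name}")
        self.zones[zone].interfaces.add(ifname)

    def set_from_rule(self, to_zone, from_zone, ruleset):
        self.zones[to_zone].from_rules[from_zone] = ruleset

    def zone_of(self, ifname):
        return next((z.name for z in self.zones.values() if ifname in z.interfaces), None)

    def decide(self, in_if, out_if):
        """Return (action, ruleset) for traffic arriving on in_if and leaving on out_if."""
        src, dst = self.zone_of(in_if), self.zone_of(out_if)
        if dst is None:
            return ("unfiltered", None)  # destination interface not in any zone
        if src == dst:
            return ("unfiltered", None)  # traffic within a zone is not filtered
        if src is None or src not in self.zones[dst].from_rules:
            return ("drop", None)  # no policy defined for the sending zone: default drop
        return ("firewall", self.zones[dst].from_rules[src])


def sample_policy():
    # Constructed topology: LAN holds two interfaces, WAN one; only LAN -> WAN has a rule set.
    p = ZonePolicy()
    for name in ("LAN", "WAN"):
        p.add_zone(name)
    p.add_interface("LAN", "dp0s1")
    p.add_interface("LAN", "dp0s3")
    p.add_interface("WAN", "dp0s2")
    p.set_from_rule("WAN", "LAN", "LAN_TO_WAN")
    return p
```

Running decide() over the sample shows why a new zone silently blocks return traffic until a policy naming the sending zone is added.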
Use the set form of this command to define a security zone.
Use the delete form of this command to delete a security zone.
Use the show form of this command to display the configuration of a security zone. See show zone-policy.