- security-zone
zone-name
{
-
- address-book {
- address
address-name (ip-prefix |
dns-name
dns-address-name);
-
- address-set
address-set-name
{
- address
address-name
;
- }
- }
-
- host-inbound-traffic {
-
- protocols {
-
protocol-name
;
-
protocol-name
<except>;
- }
-
- system-services {
-
service-name
;
-
service-name
<
except
>;
- }
- }
-
- interfaces
interface-name
{
-
- host-inbound-traffic {
-
- protocols {
-
protocol-name
;
-
protocol-name
<
except
>;
- }
-
- system-services {
-
service-name
;
-
service-name
<
except
>;
- }
- }
- }
- screen
screen-name
;
- tcp-rst;
- }
- [edit security zones]
Statement introduced in Release 8.5 of JUNOS software.
Define a security zone, which allows you to divide the network into different segments and apply different security options to each segment.
This statement is supported on J-series and SRX-series devices.
zone-name —Name of the security zone.
The remaining statements are explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.