- zones {
-
- functional-zone {
-
- management {
-
- host-inbound-traffic {
-
- protocols {
-
protocol-name
;
-
protocol-name
<except>;
- }
-
- system-services {
-
service-name
;
-
service-name
<except>;
- }
- }
-
- interfaces
interface-name
{
-
- host-inbound-traffic {
-
- protocols {
-
protocol-name
;
-
protocol-name
<except>;
- }
-
- system-services {
-
service-name
;
-
service-name
<except>;
- }
- }
- }
- screen
screen-name
;
- }
- }
-
- security-zone
zone-name
{
-
- address-book {
- address
address-name
(
ip-prefix
| dns-name
dns-address-name
);
-
- address-set
address-set-name
{
- address
address-name
;
- }
- }
-
- host-inbound-traffic {
-
- protocols {
-
protocol-name
;
-
protocol-name
<except>;
- }
-
- system-services {
-
service-name
;
-
service-name
<except>;
- }
- }
-
- interfaces
interface-name
{
-
- host-inbound-traffic {
-
- protocols {
-
protocol-name
;
-
protocol-name
<except>;
- }
-
- system-services {
-
service-name
;
-
service-name
<except>;
- }
- }
- }
- screen
screen-name
;
- tcp-rst;
- }
- }
- [edit security]
Statement introduced in Release 8.5 of JUNOS software.
A zone is a collection of interfaces for security purposes. All interfaces in a zone are equivalent from a security point of view. Configure the following zones:
This statement is supported on J-series and SRX-series devices.
The remaining statements are explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.