security-zone
Syntax
security-zone zone-name {
address-book {
address address-name {
ip-prefix {
description text;
}
description text;
dns-name domain-name {
ipv4-only;
ipv6-only;
}
range-address lower-limit to upper-limit;
wildcard-address ipv4-address/wildcard-mask;
}
address-set address-set-name {
address address-name;
address-set address-set-name;
description text;
}
}
advance-policy-based-routing;
application-tracking;
description text;
enable-reverse-reroute;
host-inbound-traffic {
protocols protocol-name {
except;
}
system-services service-name {
except;
}
}
interfaces interface-name {
host-inbound-traffic {
protocols protocol-name {
except;
}
system-services service-name {
except;
}
}
}
screen screen-name;
source-identity-log;
tcp-rst;
unidirectional-session-refreshing;
white-list white-list name;
}
Hierarchy Level
[edit security zones]
Description
Define a security zone, which allows you to divide the network into different segments and apply different security options to each segment.
Options
zone-name —Name of the security zone.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5.
Support for wildcard addresses added in Junos OS Release 11.1.
The description option added in Junos OS Release 12.1.
The unidirectional-seesion-refreshing option added in Junos OS
Release 20.4R1.
The white-list option added in Junos OS Release 23.4R1.