zones
Syntax
zones {
    functional-zone {
        management {
            description text;
            host-inbound-traffic {
                protocols protocol-name {
                    except;
                }
                system-services service-name {
                    except;
                }
            }
            interfaces interface-name {
                host-inbound-traffic {
                    protocols protocol-name {
                        except;
                    }
                    system-services service-name {
                        except;
                    }
                }
            }
            screen screen-name;
        }
    }
    security-zone zone-name {
        address-book {
            address address-name {
                ip-prefix {
                    description text;
                }
                description text;
                dns-name domain-name {
                    ipv4-only;
                    ipv6-only;
                }
                range-address lower-limit to upper-limit;
                wildcard-address ipv4-address/wildcard-mask;
            }
            address-set address-set-name {
                address address-name;
                address-set address-set-name;
                description text;
            }
        }
        advance-policy-based-routing;
        application-tracking;
        description text;
        host-inbound-traffic {
            protocols protocol-name {
                except;
            }
            system-services service-name {
                except;
            }
        }
        interfaces interface-name {
            host-inbound-traffic {
                protocols protocol-name {
                    except;
                }
                system-services service-name {
                    except;
                }
            }
        }
        screen screen-name;
        tcp-rst;
    }
}
Hierarchy Level
[edit security]
Description
A zone is a collection of interfaces for security purposes. All interfaces in a zone are equivalent from a security point of view. Configure the following zones:
Functional zone—Special-purpose zone, such as a management zone that can host dedicated management interfaces.
Security zone—Most common type of zone that is used as a building block in policies.
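The following configuration is an added example, not taken from the original page. It shows one functional zone and two security zones using the statements from the syntax above, with host-inbound traffic limited per zone and per interface. The interface names, the zone names trust and untrust, and the screen name untrust-screen are assumptions; the screen must be defined separately under [edit security screen].

```junos
security {
    zones {
        functional-zone {
            management {
                description "Dedicated management interface";
                interfaces {
                    ge-0/0/0.0;
                }
                /* Only SSH may reach the device through this zone */
                host-inbound-traffic {
                    system-services {
                        ssh;
                    }
                }
            }
        }
        security-zone untrust {
            description "Internet-facing zone";
            screen untrust-screen;
            interfaces {
                /* No zone-level host-inbound-traffic: only IKE is accepted, on this interface */
                ge-0/0/1.0 {
                    host-inbound-traffic {
                        system-services {
                            ike;
                        }
                    }
                }
            }
        }
        security-zone trust {
            description "Internal LAN";
            tcp-rst;
            /* Permit every system service except telnet */
            host-inbound-traffic {
                system-services {
                    all;
                    telnet {
                        except;
                    }
                }
            }
            interfaces {
                ge-0/0/2.0;
            }
        }
    }
}
```

When host-inbound-traffic is configured at both levels, the interface-level statement overrides the zone-level statement for that interface.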
Options
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5. Support for wildcard addresses added in Junos OS Release 11.1. The description option added in Junos OS Release 12.1.