zones

Syntax

zones {functional-zone {management {host-inbound-traffic {protocols { protocol-name ; protocol-name <except>;}system-services { service-name ; service-name <except>;}}interfaces interface-name {host-inbound-traffic {protocols { protocol-name ; protocol-name <except>;}system-services { service-name ; service-name <except>;}}}screen screen-name ;}}security-zone zone-name {address-book {address address-name ( ip-prefix | dns-name dns-address-name );address-set address-set-name {address address-name ;}}host-inbound-traffic {protocols { protocol-name ; protocol-name <except>;}system-services { service-name ; service-name <except>;}}interfaces interface-name {host-inbound-traffic {protocols { protocol-name ; protocol-name <except>;}system-services { service-name ; service-name <except>;}}}screen screen-name ;tcp-rst;}}

Hierarchy Level

[edit security]

Release Information

Statement introduced in Release 8.5 of Junos OS.

Description

A zone is a collection of interfaces for security purposes. All interfaces in a zone are equivalent from a security point of view. Configure the following zones:

Functional zone—Special-purpose zone like management zone that can host dedicated management interfaces.
Security zone—Most common type of zone that is used as a building block in policies.

Options

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.