Configuring Security Zones (J-Web Procedure)

You can use J-Web to quickly configure security zones.

To configure security zones using the J-Web configuration editor:

  1. Select Configure>Security>Zones. The Zones/Screens Configuration page appears.
  2. In the Zones list section, click Add to define zones. The Add zones page appears.
  3. Fill in the options as shown in Table 135.
  4. Click one of the following buttons:

Table 135: Security Zones Options

| Field | Function | Action |
|---|---|---|
| Main | | |
| Zone name | Name of the zone for which you are enabling policies. | Specify a unique name for the zone you are adding. |
| Zone type | Type of zone you are adding. | Select either security or functional as the zone type. |
| Traffic Control Options | | |
| Send RST for non matching session | When the RST (reset) feature is enabled, the system sends a TCP segment with the RESET flag set when traffic arrives that does not match an existing session and does not have the SYNchronize flag set. | Select this check box to enable the tcp-rst feature, which sends a TCP segment with the RESET flag set to 1 in response to a TCP segment with any flag set other than SYN and that does not belong to an existing session. |
| Binding screen | Assign screens to a zone. If you have already configured screens, the drop-down list shows the screen names and allows you to select or delete a screen. | Assign a screen to the zone. |
| Interfaces in this zone | Available interfaces for the security zone. | Use the left or right arrows to select or clear the interfaces that you want included in the security zone. |
| Host inbound traffic - Zone | | |
| Protocols | Protocols that permit inbound traffic of the selected type to be transmitted to hosts within the zone. | Highlight the protocols in the Available column and then use the right arrow to move them to the Selected column. Select all to permit all protocols. |
| Services | Interface services that permit inbound traffic of the selected type to be transmitted to hosts within the zone, provided there is a policy that permits it. | Highlight the services in the Available column and then use the right arrow to move them to the Selected column. Select all to permit all services. |
| Host inbound traffic - Interface | | |
| Interface services | Services that permit inbound traffic from the selected interface to be transmitted to hosts within the zone. | Highlight the interface services in the Available column and then use the right arrow to move them to the Selected column. Select all to permit all interface services. Note: If you select multiple interfaces, the existing Interface services and Interface protocols selections clear and new Interface services and Interface protocols selections are applied to the selected interfaces. |
| Interface protocols | Interface protocols that permit inbound traffic from the selected interface to be transmitted to hosts within the zone. | Highlight the interface protocols in the Available column and then use the right arrow to move them to the Selected column. Select all to permit all interface protocols. |
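
Selecting all under Host inbound traffic, at the zone or the interface level, permits every service or protocol toward the device from that zone, so the result is worth reviewing after the zone is saved. The following Python script is an added example, not Juniper code: it reads a zone configuration in Junos set-command form and lists zones or interfaces that permit all, plus zones with no screen bound. The zone, interface and screen names in the sample are constructed, and the function name audit_zones is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in Junos "display set" form (not taken from a real device).
SAMPLE = """\
set security zones security-zone trust tcp-rst
set security zones security-zone trust screen lan-screen
set security zones security-zone trust host-inbound-traffic system-services ssh
set security zones security-zone trust host-inbound-traffic protocols ospf
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic protocols all
set security zones security-zone dmz screen dmz-screen
set security zones security-zone dmz interfaces ge-0/0/2.0 host-inbound-traffic system-services https
"""

ZONE = re.compile(r"^set security zones security-zone (\S+)\s*(.*)$")
# Matches zone-level and interface-level host-inbound-traffic statements.
HIT = re.compile(
    r"^(?:interfaces (\S+) )?host-inbound-traffic (system-services|protocols) (\S+)"
)

def audit_zones(config_text):
    """Return sorted (zone, scope, finding) tuples for overly broad zone settings."""
    zones = defaultdict(lambda: {"screen": False, "all": []})
    for line in config_text.splitlines():
        m = ZONE.match(line.strip())
        if not m:
            continue  # not a security-zone statement
        name, rest = m.groups()
        zone = zones[name]
        if rest.startswith("screen "):
            zone["screen"] = True
        hit = HIT.match(rest)
        if hit and hit.group(3) == "all":
            # scope is the interface name, or "zone" for a zone-wide setting
            zone["all"].append((hit.group(1) or "zone", hit.group(2)))
    findings = []
    for name, zone in zones.items():
        findings += [(name, scope, f"{kind} all") for scope, kind in zone["all"]]
        if not zone["screen"]:
            findings.append((name, "zone", "no screen bound"))
    return sorted(findings)

if __name__ == "__main__":
    for zone, scope, finding in audit_zones(SAMPLE):
        print(f"{zone:8} {scope:12} {finding}")
```
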

