zones
Syntax
zones {
    functional-zone {
        management {
            description text;
            host-inbound-traffic {
                protocols protocol-name {
                    except;
                }
                system-services service-name {
                    except;
                }
            }
            interfaces interface-name {
                host-inbound-traffic {
                    protocols protocol-name {
                        except;
                    }
                    system-services service-name {
                        except;
                    }
                }
            }
            screen screen-name;
        }
    }
    security-zone zone-name {
        address-book {
            address address-name {
                ip-prefix {
                    description text;
                }
                description text;
                dns-name domain-name {
                    ipv4-only;
                    ipv6-only;
                }
                range-address lower-limit to upper-limit;
                wildcard-address ipv4-address/wildcard-mask;
            }
            address-set address-set-name {
                address address-name;
                address-set address-set-name;
                description text;
            }
        }
        advance-policy-based-routing;
        application-tracking;
        description text;
        host-inbound-traffic {
            protocols protocol-name {
                except;
            }
            system-services service-name {
                except;
            }
        }
        interfaces interface-name {
            host-inbound-traffic {
                protocols protocol-name {
                    except;
                }
                system-services service-name {
                    except;
                }
            }
        }
        screen screen-name;
        tcp-rst;
        vrf [ vrf ... ];
    }
}
Hierarchy Level
[edit security]
Description
A zone is a collection of interfaces for security purposes. All interfaces in a zone are equivalent from a security point of view. Configure the following zones:
Functional zone—Special-purpose zone, such as a management zone that can host dedicated management interfaces.
Security zone—Most common type of zone that is used as a building block in policies.
Options
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
- Statement introduced in Junos OS Release 8.5.
- Support for wildcard addresses added in Junos OS Release 11.1.
- The description option added in Junos OS Release 12.1.
- The vrf option is added in Junos OS Release 25.4R1. This option allows you to define VRFs that are part of this zone.
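The host-inbound-traffic statements in the syntax above can appear at zone level and under each interface, so a review has to look at both. The following audit script is an added example, not part of the Juniper documentation: it assumes the brace layout that `show configuration security zones` displays, and the zone names, interface names and the CLEARTEXT service list are constructed for illustration.

```python
import re

# Constructed sample, in the brace format of "show configuration security zones"
# (compacted onto fewer lines; zone and interface names are made up).
SAMPLE = """
security-zone untrust {
    host-inbound-traffic { system-services { all; } }
    interfaces { ge-0/0/0.0; }
}
security-zone trust {
    host-inbound-traffic { system-services { all; telnet { except; } } }
    interfaces {
        ge-0/0/1.0 { host-inbound-traffic { system-services { ssh; http; } } }
    }
}
"""
CLEARTEXT = {"telnet", "http", "ftp"}  # this audit's own list, not from the page

def parse(text):
    """Parse brace-style config into nested dicts; a leaf statement maps to {}."""
    stack = [{}]
    for m in re.finditer(r"\s*([^{};]*?)\s*([{};])", text):
        name, sym = m.groups()
        if sym == "}":
            stack.pop()
        elif sym == "{":
            stack.append(stack[-1].setdefault(name, {}))
        elif name:
            stack[-1].setdefault(name, {})
    return stack[0]

def audit(text):
    """Return (scope, issue) pairs for broad or cleartext host-inbound services."""
    findings = []
    for key, zone in parse(text).items():
        kind, _, zname = key.partition(" ")
        if kind not in ("security-zone", "functional-zone"):
            continue
        scopes = [(zname, zone)]  # zone-level stanza first, then each interface
        scopes += [(f"{zname}/{i}", b) for i, b in zone.get("interfaces", {}).items()]
        for scope, node in scopes:
            svcs = node.get("host-inbound-traffic", {}).get("system-services", {})
            excepted = sorted(s for s, body in svcs.items() if "except" in body)
            if "all" in svcs:
                issue = "all except " + ",".join(excepted) if excepted else "all"
                findings.append((scope, issue))
            for s in sorted(CLEARTEXT & (set(svcs) - set(excepted))):
                findings.append((scope, "cleartext " + s))
    return findings
```

Calling `audit(SAMPLE)` reports the zone-level `all` entries and the interface-level `http` entry as separate scopes, so each finding maps back to one host-inbound-traffic stanza.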