Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dor_Marcovitch
Advisor

Security Zone Configuration

Jump to solution

Hey,

 

i couldn't understand from documentation:

1) can i configure security zones only on part of the interfaces of a FW

2) on a single rule can i mix network objects and security zones?

 

thanks

dor

0 Kudos
1 Solution

Accepted Solutions
the_rock
Champion
Champion

Ok, I stand corrected, I was wrong...yes, you can also mix and match in "child" rules. See basic example I did in attached screenshot. This is all R81.10 (gw and mgmt server), but I also tried in older version, worked fine!

Screenshot_1.png

Andy

 
 

 

View solution in original post

4 Replies
Chris_Atkinson
Employee
Employee

Correct "Zones" are applied to an interface/s within the gateway topology.

When you say mix to do you mean also within the same source/destination columns?

Refer also: sk128572

0 Kudos
the_rock
Champion
Champion

For ? number 1, answer is yes and for ? number 2, its yes, but I believe only if you are referring to parent layered rule, not sure if it might work correctly if you try do it in "child"rules of that layer. I will try it in lab and see if it passes verification. Honestly, I would not bother with it, because as long as your parent layered rule contains right zone, that's what matters the most.

0 Kudos
the_rock
Champion
Champion

Ok, I stand corrected, I was wrong...yes, you can also mix and match in "child" rules. See basic example I did in attached screenshot. This is all R81.10 (gw and mgmt server), but I also tried in older version, worked fine!

Screenshot_1.png

Andy

 
 

 

Dor_Marcovitch
Advisor

thanks, that worked for me also when only part of the interfaces are "attached" to a security zone.