Chapter 1. X Family Startup Configuration

Virtual interfaces:

IP Address

Subnet Mask

NAT

Id

Type

Mode

1

internal

static

192.168.1.254

255.255.255.0

external-ip

2

external

dhcp

10.0.1.200

255.255.255.0

disable

3<empty>

4<empty>

5<empty>

6<empty>

Enter [A]ccept, [C]hange, [R]emove or [E]xit without saving [C]: a

Basic Security Zone Configuration

The Security Zone dialog modifies the basic configuration of security zones, which divide your network into logical security domains. Network traffic between security zones is routed and scanned by the firewall and the IPS policies that you create.

In the setup process, you can assign security zones to different ports. You can change the zone configuration at any time afterwards.

Example

In this example, a new security zone called MyZone is created:

Security zones enable you to section your network logically into security domains. As network traffic travels between zones, it is routed and security- scanned by the firewall and IPS according to the policies you define. You need to create security zones that naturally map onto your intended network security boundaries. A security zone may or may not be connected (mapped) to a virtual interface.

Would you like to modify security zones? <Y,[N]>:y

Security zones:

#

Zone name

Ports

1

LAN

1

2

VPN

None

3

WAN

6

4<empty>

5<empty>

6<empty>

7<empty>

8<empty>

9<empty>

10<empty>

Enter [A]ccept, [C]hange, [R]emove or [E]xit without saving [C]: c

Enter the number of the entry you want to change []: 2

Zone Name [LAN2]: MyZone

Network port (0 for None) [0]: 1

***WARNING: Accepting this change will move port 1 from "LAN" to "VPN".

10X Family CLI Reference V 2.5.1