Chapter 3. Command Reference

conf t zone

Use the configure terminal zone command to create and configure security zones on the device.

add zone-name

adds the named security zone.

remove zone-name

deletes a security zone.

update zone-name

updates the named security zone.

addresses < disable group group-name subnet ip netmask mask range ip1 ip2 >

specifies the devices that are permitted inside a security zone by group, subnet, or IP address range.

bandwidth [ outbound <1–100000> ] [ inbound <1–100000> ]

configures the bandwidth for the security zone in kbps.

mtu mtu

specifies the MTU number.

ports < [slot/port [slot/port] ...] [vlan-tagged slot/port [slot/port] ...] ] none >

designates the ports on which the security zone exists, and which port, if any, is tagged with VLAN.

vlan-id vlan-ID-number

specifies the VLAN ID number, if used.

vpn-tunnel-access < enable disable >

enables or disables VPN tunnel access to the security zone.

Using conf t zone

update a Security Zone

Use configure terminal zone update to modify a security zone. In this example, the security zone LAN is updated with ports 1 and 2 from slot 3 un-tagged, and port 4 from slot 3 vlan-tagged:

hostname# conf t zone update LAN ports 3/1 3/2 vlan-tagged 3/4

configure network protection

Use configure terminal zone update addresses to restrict the devices permitted inside a security zone to a particular subnet. In this example, only devices on the subnet 192.168.10.0/24 are permitted inside the security zone:

hostname# conf t zone update LAN addresses subnet 192.168.10.0 netmask 255.255.255.0
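The subnet and netmask pair decides how many devices the zone admits, so a mistyped mask is worth catching before the command is entered. The Python check below is an added example, not part of the X Family documentation; the function name check_zone_addresses and the sample lines are constructed for illustration, and it checks only the arithmetic of the subnet and range forms shown above, not what the device itself accepts.

```python
"""Pre-change check for 'conf t zone update <zone> addresses ...' lines (added example)."""
import ipaddress


def check_zone_addresses(command):
    """Return (zone, permitted, problems); permitted is a text summary or None."""
    tokens = command.split()
    if tokens and tokens[0].endswith("#"):       # drop a prompt such as 'hostname#'
        tokens = tokens[1:]
    if (len(tokens) < 7 or tokens[:4] != ["conf", "t", "zone", "update"]
            or tokens[5] != "addresses"):
        return None, None, ["not a 'conf t zone update <zone> addresses' command"]
    zone, args, problems = tokens[4], tokens[6:], []
    if args[0] in ("disable", "group"):          # nothing numeric to check
        return zone, " ".join(args), problems
    try:
        if args[0] == "subnet" and len(args) == 4 and args[2] == "netmask":
            ip = ipaddress.IPv4Address(args[1])
            mask = int(ipaddress.IPv4Address(args[3]))
            inverted = mask ^ 0xFFFFFFFF
            if inverted & (inverted + 1):        # a valid mask is ones, then zeros
                return zone, None, [f"netmask {args[3]} is not contiguous"]
            prefix = 32 - inverted.bit_length()
            if int(ip) & inverted:
                problems.append(f"{ip} has host bits set for /{prefix}")
            net = ipaddress.IPv4Network((int(ip) & mask, prefix))
            return zone, f"{net} ({net.num_addresses} addresses)", problems
        if args[0] == "range" and len(args) == 3:
            lo, hi = ipaddress.IPv4Address(args[1]), ipaddress.IPv4Address(args[2])
            if lo > hi:
                return zone, None, [f"range start {lo} is above range end {hi}"]
            return zone, f"{lo}-{hi} ({int(hi) - int(lo) + 1} addresses)", problems
    except ipaddress.AddressValueError as exc:
        return zone, None, [f"bad IPv4 address: {exc}"]
    return zone, None, ["unsupported or malformed addresses option"]


if __name__ == "__main__":
    samples = [  # constructed; the first is the command from the page
        "hostname# conf t zone update LAN addresses subnet 192.168.10.0 netmask 255.255.255.0",
        "hostname# conf t zone update LAN addresses subnet 192.168.10.0 netmask 255.255.0.0",
        "hostname# conf t zone update LAN addresses subnet 192.168.10.0 netmask 255.0.255.0",
        "hostname# conf t zone update LAN addresses range 192.168.10.50 192.168.10.10",
    ]
    for line in samples:
        print(line, "->", check_zone_addresses(line)[1:])
```

With the second sample, a single wrong octet in the mask turns the intended 256-address subnet into 192.168.0.0/16, which the check reports together with the host-bits warning.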

80 X Family CLI Reference V 2.5.1