Zone List

This page displays a table that lists zones on the device. It also provides the following information about each zone: 

ID: The ID number assigned to the zone. Zone ID numbers 0 – 999 are reserved for system use. User-defined security and tunnel zones can have ID numbers from 1000 – 2047.

Name: The name of the zone.

Virtual Router: The virtual router to whose routing domain the zone belongs. This router contains all routing information for the zone in its routing table.

VSYS: The system in which the zone is located, either the root system or a virtual system.

Default IF: The default physical interface bound to a Layer 3 security zone and to the HA and MGT function zones, or the default logical interface bound to a Layer 2 security zone and to the Self function zone. If there is no interface for a zone, null is listed.

Note: The Global zone does not have an interface.

Type: The zone type. Zone types are identified as follows:

Null: A function zone that serves as temporary storage for any interfaces not bound to any other zone.

Security(L3): A Layer 3 security zone.

Security(L2): A Layer 2 security zone.

Tunnel: A logical segment that hosts one or more tunnel interfaces.

Function: Modular areas within ScreenOS that provide specific functions. Examples of function zones are HA, MGT, VLAN and Self.

Attribute: Indicates whether the zone is shared by the root system and virtual systems. The Null and Untrust zones are shared by default.

Configure: In this column, you can perform the following actions:

Note: Before you can delete a security zone, you must first delete any access policies that reference that zone, then any DIPs, MIPs or VIPs on interfaces bound to that zone, and finally any interfaces and sub-interfaces bound to that zone.

To create a new zone, click New. For more information, see Zone Configuration.

In the Configure column, click Edit for the zone you want to modify. For more information, see Zone Configuration.

In the Configure column, click Remove for the zone you want to delete.

Note: The Remove option is only available if no access policies reference that zone, no DIPs, MIPs, or VIPs exist on interfaces bound to that zone, and no physical interfaces or sub-interfaces are bound to that zone.
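The removal prerequisites above can be checked as a pre-change step before opening the Zone List. The following is an added example, not part of the ScreenOS documentation: the inventory layout, field names and all values are constructed for illustration, and listing sub-interfaces ahead of their parent interfaces within the last step is a choice of this example.

```python
# Constructed sample inventory (hypothetical model, not ScreenOS output).
INVENTORY = {
    "zones": {"DMZ-Lab": 1001, "Partners": 1002},  # user-defined IDs: 1000-2047
    "policies": [
        {"id": 12, "from_zone": "Trust", "to_zone": "DMZ-Lab"},
        {"id": 15, "from_zone": "DMZ-Lab", "to_zone": "Untrust"},
        {"id": 20, "from_zone": "Trust", "to_zone": "Untrust"},
    ],
    "interfaces": [
        {"name": "ethernet3", "zone": "DMZ-Lab", "parent": None},
        {"name": "ethernet3.1", "zone": "DMZ-Lab", "parent": "ethernet3"},
        {"name": "ethernet1", "zone": "Trust", "parent": None},
    ],
    "translations": [  # DIP, MIP and VIP entries are defined on interfaces
        {"kind": "MIP", "interface": "ethernet3", "label": "203.0.113.10"},
        {"kind": "DIP", "interface": "ethernet1", "label": "pool-4"},
    ],
}


def removal_plan(inv, zone):
    """Return ordered (kind, object) pairs that still block removal of `zone`.

    Order follows the note on this page: access policies first, then
    DIPs/MIPs/VIPs on the zone's interfaces, then the interfaces themselves.
    """
    if zone not in inv["zones"]:
        raise KeyError(f"unknown zone: {zone}")
    ifaces = [i for i in inv["interfaces"] if i["zone"] == zone]
    names = {i["name"] for i in ifaces}
    # Step 1: any policy naming the zone as source or destination.
    plan = [("policy", f"id {p['id']}") for p in inv["policies"]
            if zone in (p["from_zone"], p["to_zone"])]
    # Step 2: translations are tied to the zone only through its interfaces.
    plan += [(t["kind"], f"{t['label']} on {t['interface']}")
             for t in inv["translations"] if t["interface"] in names]
    # Step 3: bound interfaces (sub-interfaces listed first: example's choice).
    plan += [("sub-interface", i["name"]) for i in ifaces if i["parent"]]
    plan += [("interface", i["name"]) for i in ifaces if not i["parent"]]
    return plan


def remove_available(inv, zone):
    """True when nothing blocks removal, i.e. Remove would be offered."""
    return not removal_plan(inv, zone)


if __name__ == "__main__":
    for kind, obj in removal_plan(INVENTORY, "DMZ-Lab"):
        print(f"{kind:14} {obj}")
```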