marypoppins
2021/07/28 07:02:15 (permalink) 6.2
0

Policy for zone members

Dear All,
 
I am trying to make a policy in which one of the interfaces is a zone member, but I cannot choose it from the interface list. It seems the zone members cannot be used separately. Some interfaces have common rules, while in addition to those there are rules that are specific to only one interface.
Is there any hack for this?

Thank you
#1
lobstercreed
Re: Policy for zone members 2021/07/30 12:23:40 (permalink) Best Answer by marypoppins 2021/08/13 01:22:42
5 (1)
You will either need to remove that interface from the zone (thus requiring additional policies), or use src/dst address to effectively filter the actual use of that rule to the interface in question. 
 
In other words if the zone includes Int_A, Int_B, and Int_C with subnets of 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24 respectively, you can define the rule to allow (or block, or whatever) only traffic from 10.1.2.0/24 to effectively apply this to Int_B without applying it to Int_A and Int_C even though you have the zone selected as the source interface.
#2
ede_pfau
Re: Policy for zone members 2021/07/31 16:09:27 (permalink)
0
Using a policy with interfaces "zone" to "zone" and filtering by address is not uncommon when you use zones - assuming intrazone traffic is blocked. If you compare it to a regular policy, traffic in those is selected/filtered by address as well. So, no reason not to use this setup, it's valid and safe.

Ede

" Kernel panic: Aiee, killing interrupt handler!"
#3
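The approach from the two answers above, sketched as FortiOS CLI configuration. This is an added example, not part of the original posts; the zone name `LAN_zone`, the address object `Int_B_net`, the destination interface `wan1`, the policy names and the chosen services are assumptions, while the interface names and subnets come from the answer.

```fortios
# Zone containing all three interfaces; intrazone traffic blocked,
# as the second answer assumes. "LAN_zone" is a hypothetical name.
config system zone
    edit "LAN_zone"
        set intrazone deny
        set interface "Int_A" "Int_B" "Int_C"
    next
end

# Address object for the subnet behind Int_B (hypothetical object name).
config firewall address
    edit "Int_B_net"
        set subnet 10.1.2.0 255.255.255.0
    next
end

# Two policies with the zone as source interface. "wan1" and the
# services are assumed for illustration.
config firewall policy
    edit 0
        set name "zone-common-dns"
        set comments "Common rule: matches traffic from every zone member"
        set srcintf "LAN_zone"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "DNS"
    next
    edit 0
        set name "intB-only-https"
        set comments "Int_B only: narrowed by source subnet, not by interface"
        set srcintf "LAN_zone"
        set dstintf "wan1"
        set srcaddr "Int_B_net"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTPS"
    next
end
```

Hosts in 10.1.1.0/24 and 10.1.3.0/24 match only the first policy, so the HTTPS rule applies to Int_B alone even though the whole zone is selected as the source interface.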
marypoppins
Re: Policy for zone members 2021/08/13 01:24:08 (permalink)
0
Thank you for your answers!
#4