Create a Zone Protection profile to provide Ethernet
SGT Protection.
Select NetworkNetwork ProfilesZone Protection.
Add a Zone Protection profile
by Name.
Select Ethernet SGT Protection.
Add a Layer 2 SGT
Exclude List by name.
Enter one or more Tag values
for the list; range is 0 to 65,535. You can enter individual entries
that are a contiguous range of tag values (for example, 100-500).
You can add up to 100 (individual or range) tag entries in an Exclude
List.
Enable the Layer 2 SGT Exclude
List. You can disable the list at any time.
Click OK.
Apply the Zone Protection profile to the security zone
to which the Layer 2, virtual wire, or tap interfaces belong.
Select NetworkZones.
Add a zone.
Enter the Name of the zone.
For Location, select the virtual
system where the zone applies.
For Type, select Layer2, Virtual Wire,
or Tap.
Add an Interface that
belongs to the zone.
For Zone Protection Profile,
select the profile you created.
Click OK.
Commit.
View the global counter of packets that the firewall
dropped as a result of all Zone Protection profiles that employ
Ethernet SGT Protection.