Bind Security Zones to Interfaces
Table of Contents
Expand all | Collapse all
-
-
- Add a Branch
- Add a Data Center
- Add a Branch Gateway
- Configure Circuits
- Configure Internet Circuit Underlay Link Aggregation
- Configure Private WAN Underlay Link Quality Aggregation
- Configure Circuit Categories
- Configure Device Initiated Connections for Circuits
- Add Public IP LAN Address to Enterprise Prefixes
- Manage Data Center Clusters
- Configure a Site Prefix
- Configure a DHCP Server
- Configure NTP for Prisma SD-WAN
- Configure the ION Device at a Branch Site
- Configure the ION Device at a Data Center
- Switch a Site to Control Mode
- Allow IP Addresses in Firewall Configuration
-
- Configure a Controller Port
- Configure Internet Ports
- Configure WAN/LAN Ports
- Configure a Loopback Interface
- Configure a PoE Port
- Configure and Monitor LLDP Activity and Status
- Configure a PPPoE Interface
- Configure a Layer 3 LAN Interface
- Configure Application Reachability Probes
- Configure a Secondary IP Address
- Configure a Static ARP
- Configure a DHCP Relay
- Configure IP Directed Broadcast
- VPN Keep-Alives
-
- Configure Prisma SD-WAN IPFIX
- Configure IPFIX Profiles and Templates
- Configure and Attach a Collector Context to a Device Interface in IPFIX
- Configure and Attach a Filter Context to a Device Interface in IPFIX
- Configure Global and Local IPFIX Prefixes
- Flow Information Elements
- Options Information Elements
- Configure the DNS Service on the Prisma SD-WAN Interface
- Configure SNMP
-
-
- Prisma SD-WAN Branch Routing
- Prisma SD-WAN Data Center Routing
-
- Configure Multicast
- Create a WAN Multicast Configuration Profile
- Assign WAN Multicast Configuration Profiles to Branch Sites
- Configure a Multicast Source at a Branch Site
- Configure Global Multicast Parameters
- Configure a Multicast Static Rendezvous Point (RP)
- Learn Rendezvous Points (RPs) Dynamically
- View LAN Statistics for Multicast
- View WAN Statistics for Multicast
- View IGMP Membership
- View the Multicast Route Table
- View Multicast Flow Statistics
- View Routing Statistics
- Prisma SD-WAN Incident Policies
-
- Prisma SD-WAN Branch HA Key Concepts
- Configure Branch HA
- Configure HA Groups
- Add ION Devices to HA Groups
- View Device Configuration of HA Groups
- Edit HA Groups and Group Membership
-
- Configure Branch HA with Gen-1 Platforms (2000, 3000, 7000, and 9000)
- Configure Branch HA with Gen-2 Platforms (3200, 5200, and 9200)
- Configure Branch HA with Gen-2 Embedded Switch Platforms (1200-S or 3200-L2)
- Configure Branch HA for Devices with Software Cellular Bypass (1200-S-C-5G)
- Configure Branch HA for Platforms without Bypass Pairs
- Prisma SD-WAN Clarity Reports
- Prisma SD-WAN Incidents and Alerts
Bind Security Zones to Interfaces
Learn how to bind security zones to interfaces.
Where Can I Use
This? | What Do I
Need? |
|---|---|
|
|
You can attach or bind security zones to individual
interfaces at the device-level. Bind zones to logical Layer 3 interfaces
on a device and specify separate bindings for standard VPNs. You
can bind security zones to the following types of interfaces.
WAN
interface types with attached WAN circuit labels:
- Layer 3 stand-alone interfaces
- Layer 3 sub-interfaces
- Layer 3 PPPoE interfaces
- Layer 3 bypass pair, where the WAN member interface is available for zone binding
- Layer 2 bypass pair, where the WAN member interface is single for zone binding
- Loopback bypass pairs
Layer 3 Interfaces
and Bypass pairs without a WAN circuit label:
- Stand-alone Layer 3, where Used_for is LAN
- Layer 3 bypass pair, where Used_for is LAN, and the LAN member interface is available for zone binding
- Sub-interface Layer 3, where Used_for is LAN
- Stand-alone, non-parent interface, where Used_for is NONE
- Standard tunnel interface
- Loopback bypass pairs
You cannot bind zones
to the following types of interfaces:
- Controller interfaces
- LAN member interfaces of Layer 2 bypass pairs
- Parent interfaces of sub-interfaces and PPPoE interfaces
If
a site has both site-level bindings and device-level bindings, the
two settings’ resulting configuration is united. In the event of
a conflict between site-level bindings and device-level bindings,
device-level bindings take precedence.
You can bind
security zones to device interfaces either by selecting a security
zone first and then binding it to a device interface or you can
select the device interface first and then select a security zone
for binding.
- Select a security zone and bind it to a device interface(s).
- Select, and select a Security Zone.ManagePoliciesSecuritySecurity Zones
- From the ellipsis menu for a security zone, selectView Interface Bindings.
- ClickElement.
- ClickBind New Element.
- Select an ION device and clickSubmit.
- On theElement Zone Bindingscreen, select an interface(s) to bind to the zone.
- ClickSave.
- Select a device from a site and bind a security zone to a device interface(s).
- Select.WorkflowsSites/Data CentersSelect a SiteConfigurationAdvancedBind Security Zones
- SelectDevicesand clickBind Zone.
- Select a zone to bind and then clickDone.
- On theZone Networks Binding for Zonescreen, select an interface(s) to bind to the zone.
- ClickSave.