Focus

Bind Security Zones to Interfaces

Table of Contents

Filter

Expand All | Collapse All

Prisma SD-WAN Docs

Administration
Deployment
Incidents & Alerts
CloudBlades
Version
- AWS Transit Gateway
- Azure vWAN
- Azure vWAN with vION
- ChatBot for MS Teams
- ChatBot for Slack
- CloudBlades Integration with Prisma Access
- GCP NCC
- Service Now
- Zoom QSS
- Zscaler Internet Access
Reference
Release Notes
Version
- ION 5.2
- ION 5.3
- ION 5.4
- ION 5.5
- ION 5.6
- ION 6.0
- ION 6.1
- ION 6.2
- ION 6.3
- ION 6.4
- New Features Guide
- On-Premises Controller
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
- Prisma SD-WAN CloudBlades

Bind Security Zones to Sites

Configure Security Prefixes

Bind Security Zones to Interfaces

Learn how to bind security zones to interfaces.

Where Can I Use This?	What Do I Need?
Prisma SD-WAN	Active Prisma SD-WAN license

You can attach or bind security zones to individual interfaces at the device-level. Bind zones to logical Layer 3 interfaces on a device and specify separate bindings for standard VPNs. You can bind security zones to the following types of interfaces.

WAN interface types with attached WAN circuit labels:

Layer 3 stand-alone interfaces
Layer 3 sub-interfaces
Layer 3 PPPoE interfaces
Layer 3 bypass pair, where the WAN member interface is available for zone binding
Layer 2 bypass pair, where the WAN member interface is single for zone binding
Loopback bypass pairs

Layer 3 Interfaces and Bypass pairs without a WAN circuit label:

Stand-alone Layer 3, where Used_for is LAN
Layer 3 bypass pair, where Used_for is LAN, and the LAN member interface is available for zone binding
Sub-interface Layer 3, where Used_for is LAN
Stand-alone, non-parent interface, where Used_for is NONE
Standard tunnel interface
Loopback bypass pairs

You cannot bind zones to the following types of interfaces:

Controller interfaces
LAN member interfaces of Layer 2 bypass pairs
Parent interfaces of sub-interfaces and PPPoE interfaces

If a site has both site-level bindings and device-level bindings, the two settings’ resulting configuration is united. In the event of a conflict between site-level bindings and device-level bindings, device-level bindings take precedence.

You can bind security zones to device interfaces either by selecting a security zone first and then binding it to a device interface or you can select the device interface first and then select a security zone for binding.

Select a security zone and bind it to a device interface(s).
1. Select ManagePoliciesSecuritySecurity Zones, and select a Security Zone.
2. From the ellipsis menu for a security zone, select View Interface Bindings.
3. Click Element.
4. Click Bind New Element.
5. Select an ION device and click Submit.
6. On the Element Zone Binding screen, select an interface(s) to bind to the zone.
7. Click Save.
Select a device from a site and bind a security zone to a device interface(s).
1. Select WorkflowsSites/Data CentersSelect a SiteConfigurationAdvancedBind Security Zones.
2. Select Devices and click Bind Zone.
3. Select a zone to bind and then click Done.
4. On the Zone Networks Binding for Zone screen, select an interface(s) to bind to the zone.
5. Click Save.

Bind Security Zones to Sites

Configure Security Prefixes

Prisma SD-WAN Docs

Bind Security Zones to Interfaces

Prisma SD-WAN Docs

Bind Security Zones to Interfaces

Activation & Onboarding

SASE

Visibility & Monitoring

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

Prisma SD-WAN Integration

Prisma SD-WAN Experts Corner

Best Practices