Prisma SD-WAN
Bind Security Zones to Sites
Table of Contents
Bind Security Zones to Sites
Learn how to bind security zones to sites.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
You can bind security zones at the site level or at the device-level. You can associate a
security zone with a specific interface or a subnet or with multiple interfaces and
networks at a site, including LANs, WANs, or VPNs. However, each interface or
network attaches to only one zone. If you do not bind a security zone to an
interface or subnet, it blocks all the traffic.
Use site bindings to map firewall zones to
interfaces and networks. Binding a zone to a site attaches networks to
the zones for that site. A zone can have multiple networks, but
a network can only have one zone.
If a site has both
site-level bindings and device-level bindings, the two settings’
resulting configuration is united. In the event of a conflict between
site-level bindings and device-level bindings, device-level bindings
take precedence.
You can bind security zones to sites
either by selecting a security zone first and then binding it to
site or you can select the site first and then select a security
zone for binding.
- Select a security zone and bind it to a site.
- Select , and select a Security Zone.From the ellipsis menu for a security zone, select View Interface Bindings.Click Site.Click Bind New Site.Select a site to bind and click Submit.On the Site Zone Binding for Site screen, select a circuit(s) to bind to the zone.Click Save.Select a site and bind a security zone to a device interface(s).
- Select .Select Sites and click Bind Zone.Select a zone to bind and then click Done.On the Zone Networks Binding for Zone screen, select a circuit(s) to bind to the zone.Click Save.
