Create a Zone Protection profile to provide Ethernet
SGT Protection.
Select
Network
Network Profiles
Zone Protection
.
Add
a Zone Protection profile
by
Name
.
Select
Ethernet SGT Protection
.
Add
a
Layer 2 SGT
Exclude List
by name.
Enter one or more
Tag
values
for the list; range is 0 to 65,535. You can enter individual entries
that are a contiguous range of tag values (for example, 100-500).
You can add up to 100 (individual or range) tag entries in an Exclude
List.
Enable
the Layer 2 SGT Exclude
List. You can disable the list at any time.
Click
OK
.
Apply the Zone Protection profile to the security zone
to which the Layer 2, virtual wire, or tap interfaces belong.
Select
Network
Zones
.
Add
a zone.
Enter the
Name
of the zone.
For
Location
, select the virtual
system where the zone applies.
For
Type
, select
Layer2
,
Virtual Wire
,
or
Tap
.
Add
an
Interface
that
belongs to the zone.
For
Zone Protection Profile
,
select the profile you created.
Click
OK
.
Commit
.
View the global counter of packets that the firewall
dropped as a result of all Zone Protection profiles that employ
Ethernet SGT Protection.