Security zones are a logical way to group physical and
virtual interfaces on the firewall to control and log the traffic
that traverses specific interfaces on your network. You must assign
an interface on the firewall to a security zone before that interface
can process traffic. A zone can have multiple interfaces of the same
type, but an interface can belong to only one zone. You can create
zones directly on the firewall or as part of a network template
on Panorama™.
The following example shows you how to use a Panorama REST API
request to create a security zone with Ethernet interfaces and a
virtual SD-WAN interface. See
Configure an SD-WAN
Interface (REST API) for an example of a REST API request
to create a virtual SD-WAN interface and an example of a REST API request
to configure an Ethernet interface.
curl -X POST \
  'https://<Panorama>/restapi/v9.1/network/zones?location=template&template=SDWAN-Branch-Network&name=Untrust' \
  -H 'X-PAN-KEY: <api key>' \
  -d '{
    "entry": {
      "@name": "Untrust",
      "enable-user-identification": "no",
      "network": {
        "layer3": {
          "member": [
            "ethernet1/1",
            "ethernet1/2",
            "sdwan.1"
          ]
        }
      }
    }
  }'
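
The following Python pre-flight check is an added example, not part of the original page or of Palo Alto Networks code. It applies the rules stated above (one interface type per zone, one zone per interface) to zone entries before they are sent, and builds the request URL and body in the shape of the request above. The hostname panorama.example.com and the "Trust" zone are constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlencode

API_PATH = "/restapi/v9.1/network/zones"  # path used in the request on this page


def zone_members(entry):
    """Return (interface_type, members) for one zone entry; require one type."""
    network = entry.get("network", {})
    if len(network) != 1:
        raise ValueError(f"zone {entry.get('@name')!r}: expected exactly one "
                         f"interface type, got {sorted(network)}")
    iface_type, cfg = next(iter(network.items()))
    return iface_type, list(cfg.get("member", []))


def find_conflicts(entries):
    """Map each interface claimed by more than one zone to those zone names."""
    owners = defaultdict(set)
    for entry in entries:
        _, members = zone_members(entry)
        for iface in members:
            owners[iface].add(entry["@name"])
    return {i: sorted(z) for i, z in owners.items() if len(z) > 1}


def build_request(host, template, entry):
    """Return (url, json_body) for the POST after checking the entry."""
    zone_members(entry)  # raises if the zone mixes interface types
    query = urlencode({"location": "template", "template": template,
                       "name": entry["@name"]})  # name must match "@name"
    return f"https://{host}{API_PATH}?{query}", json.dumps({"entry": entry})


# Constructed sample data: "Untrust" is the zone from the page; "Trust" is a
# hypothetical second zone that wrongly reuses ethernet1/2.
UNTRUST = {"@name": "Untrust", "enable-user-identification": "no",
           "network": {"layer3": {"member": ["ethernet1/1", "ethernet1/2",
                                             "sdwan.1"]}}}
TRUST = {"@name": "Trust", "enable-user-identification": "no",
         "network": {"layer3": {"member": ["ethernet1/2", "ethernet1/3"]}}}

if __name__ == "__main__":
    print("conflicts:", find_conflicts([UNTRUST, TRUST]))
    print(build_request("panorama.example.com", "SDWAN-Branch-Network", UNTRUST)[0])
```

Run find_conflicts over every zone planned for a template and send the requests only when it returns an empty dict.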