Focus

Next-Generation Firewall

Create a Zone

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 9.1
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1

Configure Ethernet SGT Protection

Configure an IPSec Tunnel

Create a Zone

Assign your firewall interfaces to a zone to segment your network.

Contact your account team to enable Cloud Management for NGFWs using Strata Cloud Manager.

Where Can I Use This?	What Do I Need?
`NGFW (Managed by Strata Cloud Manager)` `VM-Series, funded with Software NGFW Credits`	`AIOps for NGFW Premium license (use the Strata Cloud Manager app)`

Assign one or more firewall interfaces to a zone to segment your network to control protection for each zone individually.

Strata Cloud Manager

Configure your firewall interfaces.

Select

Manage

Configuration

NGFW and Prisma Access

Device Settings

Interfaces

and select the Configuration Scope where you want to create the zone.

You can select a folder or firewall from your

Folders

or select

Snippets

to configure the zone in a snippet.

Add Zone

Configure the zone.

Select the

Interface Type

Select

Layer2

if you want to add Layer 2 interfaces to the zone or

Layer 3

to add Layer 3 interfaces.

Add

one or more interfaces to the zone.

(Optional) Select a

Zone Protection Profile

to specify how the firewall responds to attack from this zone.

Select

Create New

to create a new Zone Protection profile inline.

(Optional) Confirm you want to

Enable Packet Buffer Protection

This setting is enabled by default. The firewall applies Packet Buffer Protection to the ingress zone only to protect the zone from DoS attacks and aggressive sessions and sources.

(Optional)

Enable User ID ACL

This setting is disabled by default. When disabled, the firewall applies user mapping information it discovers to all traffic of this zone for use in logs, reports, and policy rules. When enabled, the firewall

(Optional)

Enable Device ID ACL

This setting is disabled by default.

Save

Configure Ethernet SGT Protection

Configure an IPSec Tunnel

Next-Generation Firewall Docs

Create a Zone

Next-Generation Firewall Docs

Create a Zone

Recommended For You

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner