- Network > Network Profiles > Zone Protection > Protocol Protection
The firewall normally allows non-IP protocols between Layer 2 zones and between virtual wire zones. Protocol protection allows you to control which non-IP protocols are allowed (include) or denied (exclude) between or within security zones on a Layer 2 VLAN or virtual wire. Examples of non-IP protocols include AppleTalk, Banyan VINES, Novell, NetBEUI, and Supervisory Control and Data Acquisition (SCADA) systems such as Generic Object Oriented Substation Event (GOOSE).
After you configure protocol protection in a Zone Protection profile, apply the profile to an ingress security zone on a Layer 2 VLAN or virtual wire.
Zone Protection Profile Settings—Protocol Protection
Specify the type of list you are creating for protocol protection:
Enter the protocol name that corresponds to the Ethertype code you are adding to the list. The firewall does not verify that the protocol name matches the Ethertype code, but the Ethertype code does determine the protocol filter.
Enable the Ethertype code on the list. If you want to disable a protocol for testing purposes but not delete it, disable it instead.
Enter an Ethertype code (protocol) preceded by 0x to indicate hexadecimal (range is 0x0000 to 0xFFFF). A list can have a maximum of 64 Ethertypes.
Some sources of Ethertype codes are:
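The list rules described above (0x-prefixed codes in 0x0000 to 0xFFFF, at most 64 per list, a per-entry enable flag, include versus exclude) are modeled below in Python as an added example; it is not Palo Alto Networks code. The class and function names are hypothetical, the sample entries and frame are constructed, and two behaviors are assumptions of the model: an include list denies every non-IP Ethertype that is not listed, and IPv4, IPv6, ARP and VLAN-tagged Ethertypes pass regardless of the list.

```python
import re

MAX_ETHERTYPES = 64  # per-list limit stated on the page
# Assumption of this model (not stated on the page): IPv4, IPv6, ARP and
# VLAN-tagged frames are outside the list's scope and always pass.
ALWAYS_PASSED = {0x0800, 0x86DD, 0x0806, 0x8100}

def parse_ethertype(text):
    """Accept only a 0x-prefixed hex code in the range 0x0000-0xFFFF."""
    text = text.strip()
    if not re.fullmatch(r"0[xX][0-9A-Fa-f]{1,4}", text):
        raise ValueError(f"not a 0x-prefixed Ethertype in 0x0000-0xFFFF: {text!r}")
    return int(text, 16)

class ProtocolList:
    """Hypothetical model of one include or exclude list."""
    def __init__(self, list_type, entries):
        # entries: (protocol_name, ethertype_text, enabled) tuples
        if list_type not in ("include", "exclude"):
            raise ValueError("list_type must be 'include' or 'exclude'")
        entries = list(entries)
        if len(entries) > MAX_ETHERTYPES:
            raise ValueError(f"a list holds at most {MAX_ETHERTYPES} Ethertypes")
        self.list_type = list_type
        # The name is a label only; the code alone determines the filter.
        self.entries = [(n, parse_ethertype(c), bool(on)) for n, c, on in entries]

    def active_codes(self):
        # Disabled entries stay configured but match nothing.
        return {code for _, code, on in self.entries if on}

    def allows(self, ethertype):
        if ethertype in ALWAYS_PASSED:
            return True
        listed = ethertype in self.active_codes()
        # Assumed semantics: include = allow only listed; exclude = deny only listed.
        return listed if self.list_type == "include" else not listed

def ethertype_of(frame):
    """Ethertype of an untagged Ethernet II frame (header bytes 12-13)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return int.from_bytes(frame[12:14], "big")

# Constructed sample: GOOSE enabled, AppleTalk disabled for testing.
SAMPLE = [("GOOSE", "0x88B8", True), ("AppleTalk", "0x809B", False)]
# Constructed frame: broadcast destination, made-up source, Ethertype 0x88B8.
GOOSE_FRAME = bytes.fromhex("ffffffffffff02000000000188b8") + bytes(46)
```

In this model a disabled entry on an exclude list lets its protocol through again, so an entry disabled for testing changes what the zone admits until it is re-enabled.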