Bind Zones to Devices

Prisma SD-WAN zbfw allows you to bind zones to devices.
Bind zones to logical Layer 3 interfaces on a device and specify separate bindings for standard VPNs. Zones bound to the interfaces:
WAN interface types with attached WAN circuit labels:
  • Layer 3 stand-alone interfaces
  • Layer 3 sub-interfaces
  • Layer 3 PPPoE interfaces
  • Layer 3 bypass pair, where the WAN member interface is available for zone binding
  • Layer 2 bypass pair, where the WAN member interface is single for zone binding
  • Loopback bypass pairs
Layer 3 Interfaces and Bypass pairs without a WAN circuit label:
  • Stand-alone Layer 3, where Used_for is LAN
  • Layer 3 bypass pair, where Used_for is LAN, and the LAN member interface is available for zone binding
  • Sub-interface Layer 3, where Used_for is LAN
  • Stand-alone, non-parent interface, where Used_for is NONE
  • Standard tunnel interface
  • Loopback bypass pairs
Zones cannot be bound to the following types of interfaces:
  • Controller interfaces
  • LAN member interfaces of Layer 2 bypass pairs
  • Parent interfaces of sub-interfaces and PPPoE interfaces
If a site has both site-level bindings and device-level bindings, the two settings’ resulting configuration is united. In the event of a conflict between site-level bindings and device-level bindings, device-level bindings take precedence.
  1. Click
    Map
    .
    Perform one of the following to search or select a site to display its configuration details.
    1. Type a
      site name
      or
      address
      in the search field.
    2. Click the right-facing arrow to display a list of existing sites.
  2. Select
    Options > Security Zone Binding
    and then once on the appropriate tab, click
    Bind Zone
    .
    Bind zones to devices from the
    Devices
    tab (zone bindings on devices override zone bindings on the site).
  3. Choose the zone name from the list of zones and
    Select
    .
  4. Choose the zone network bindings for the zone and
    Save
    .
    All VPNs are bound to a single zone. Verify that the networks you select for zone bindings are attached to an interface. A zone is bound to multiple networks, including LANs, WANs, or VPNs. However, each network is attached to one zone.
    Bind the zone to networks for a site when editing a policy set by selecting the security policy set. All VPNs are bound to a single zone and indicated as a single VPN in the Name column on the Zone Network Bindings for Zone screen. Once you have bound the zones to a site and an interface, create Security Policy Sets and Security Policy Rules for your traffic.

Recommended For You