ZBFW Prefix Filters

When you create prefix filters, specify the filters scope to control whether it applies to global or local.
Prefix filters specify a group of one or more individual IP addresses or IP address subnets. With security policies, prefix filters restrict access within a branch and filter out traffic to specific IP addresses within the particular source and destination zones. As with application definitions, you can reuse prefix filters across the rules and policy sets you have created for security policy rules.
  • Global prefix filters use the same set of prefixes. By applying the global prefix filters defined for custom applications, leverage the security policy application definition.
  • Local prefix filters use branch location. They enable you to address site-specific scenarios where devices in a specific zone such as a guest zone.
Local filters allow administrators to create a single policy across all sites to describe application behavior, eliminating the need to develop individual policies on a per-site basis. It automatically populates the prefix values for the specific branch location and notifies the administrator to settle deals for local prefix filters as needed, if you add a new branch, simplify policy administration, and reduce the number of rules that need to be configured and managed.

Recommended For You