: Bind Security Zones to Interfaces
Focus
Focus

Bind Security Zones to Interfaces

Table of Contents

Bind Security Zones to Interfaces

Learn how to bind security zones to interfaces.
You can attach or bind security zones to individual interfaces at the device-level. Bind zones to logical Layer 3 interfaces on a device and specify separate bindings for standard VPNs. You can bind security zones to the following types of interfaces.
WAN interface types with attached WAN circuit labels:
  • Layer 3 stand-alone interfaces
  • Layer 3 sub-interfaces
  • Layer 3 PPPoE interfaces
  • Layer 3 bypass pair, where the WAN member interface is available for zone binding
  • Layer 2 bypass pair, where the WAN member interface is single for zone binding
  • Loopback bypass pairs
Layer 3 Interfaces and Bypass pairs without a WAN circuit label:
  • Stand-alone Layer 3, where Used_for is LAN
  • Layer 3 bypass pair, where Used_for is LAN, and the LAN member interface is available for zone binding
  • Sub-interface Layer 3, where Used_for is LAN
  • Stand-alone, non-parent interface, where Used_for is NONE
  • Standard tunnel interface
  • Loopback bypass pairs
You cannot bind zones to the following types of interfaces:
  • Controller interfaces
  • LAN member interfaces of Layer 2 bypass pairs
  • Parent interfaces of sub-interfaces and PPPoE interfaces
If a site has both site-level bindings and device-level bindings, the two settings’ resulting configuration is united. In the event of a conflict between site-level bindings and device-level bindings, device-level bindings take precedence.
You can bind security zones to device interfaces either by selecting a security zone first and then binding it to a device interface or you can select the device interface first and then select a security zone for binding.
  • Select a security zone and bind it to a device interface(s).
    1. Select
      Manage
      Policies
      Security
      Security Zones
      , and select a Security Zone.
    2. From the ellipsis menu for a security zone, select
      View Interface Bindings
      .
    3. Click
      Element
      .
    4. Click
      Bind New Element
      .
    5. Select an ION device and click
      Submit
      .
    6. On the
      Element Zone Binding
      screen, select an interface(s) to bind to the zone.
    7. Click
      Save
      .
  • Select a device from a site and bind a security zone to a device interface(s).
    1. Select
      Workflows
      Sites/Data Centers
      Select a Site
      Configuration
      Advanced
      Bind Security Zones
      .
    2. Select
      Devices
      and click
      Bind Zone
      .
    3. Select a zone to bind and then click
      Done
      .
    4. On the
      Zone Networks Binding for Zone
      screen, select an interface(s) to bind to the zone.
    5. Click
      Save
      .

Recommended For You