Security-Zone; Security-Zone Intra-Zone Default Permit - HPE D6020 Maintenance And Service Manual

security-zone

Use security-zone to create a security zone and enter its view, or enter the view of an existing
security zone.
Use undo security-zone to delete a security zone.
Syntax
security-zone name zone-name
undo security-zone name zone-name
Default
No security zone exists.
Views
System view
Predefined user roles
network-admin
Parameters
name zone-name: Specifies the security zone name, a case-insensitive string of 1 to 31 characters.
The name cannot contain hyphens (-) or percent signs (%), and it cannot be the word any. To include
a backslash (\) or quotation mark (") in the security zone name, you must use the escape character (\).
Usage guidelines
The device provides the following system-defined security zones: Local, Trust, DMZ, Management,
and Untrust. The system creates these security zones automatically when one of the following
events occurs:
• The first command for creating a security zone is executed.
• The first command for creating an object policy is executed.
• The first command for entering the view of a system-defined security zone is executed.
System-defined security zones cannot be deleted.
You can use this command multiple times to create multiple security zones.
Deleting a security zone also deletes the following items:
• All zone pairs that use the security zone as the source or destination security zone.
• All object policy applications on the zone pairs.
Examples
# Create the security zone zonetest and enter security zone view.
<Sysname> system-view
[Sysname] security-zone name zonetest
[Sysname-security-zone-zonetest]
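
The following Python pre-change check is an added example, not part of the HPE manual: it applies the naming rules from Parameters and lists the zone pairs that undo security-zone would also delete. The zone-pair line format, the sample configuration, and the function names are assumptions made for illustration.

```python
import re

# System-defined zones listed on this page; they cannot be deleted.
SYSTEM_ZONES = {"local", "trust", "dmz", "management", "untrust"}

def name_problems(name):
    """Return the reasons a proposed (unescaped) zone name breaks the Parameters rules."""
    problems = []
    if not 1 <= len(name) <= 31:  # assumption: the limit counts unescaped characters
        problems.append("length must be 1 to 31 characters")
    if "-" in name or "%" in name:
        problems.append("hyphen and percent sign are not allowed")
    if name.lower() == "any":  # assumption: compared case-insensitively, like zone names
        problems.append("'any' is not allowed as a name")
    return problems

def cli_name(name):
    """Prefix each backslash and quotation mark with the escape character (\\)."""
    return re.sub(r'([\\"])', r"\\\1", name)

# Assumption: zone pairs appear in the saved configuration in this one-line form.
PAIR_RE = re.compile(r"^\s*zone-pair security source (\S+) destination (\S+)", re.M | re.I)

def delete_impact(config, zone):
    """List the (source, destination) zone pairs that deleting `zone` also deletes.

    Object policy applications on those pairs are deleted with them."""
    z = zone.lower()  # zone names are case-insensitive
    if z in SYSTEM_ZONES:
        raise ValueError(f"{zone} is system-defined and cannot be deleted")
    return [(s, d) for s, d in PAIR_RE.findall(config) if z in (s.lower(), d.lower())]

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
security-zone name zonetest
zone-pair security source zonetest destination Untrust
zone-pair security source Trust destination ZoneTest
zone-pair security source Trust destination DMZ
"""

if __name__ == "__main__":
    for candidate in ("zonetest", "dmz-web", "any"):
        print(candidate, name_problems(candidate) or "ok")
    print("security-zone name " + cli_name('lab"1'))
    print(delete_impact(SAMPLE, "zonetest"))
```

Run the impact check against a saved configuration before issuing undo security-zone, so the zone pairs that will disappear with the zone are reviewed first.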
Related commands
display security-zone
import interface

security-zone intra-zone default permit

Use security-zone intra-zone default permit to set the default action to permit for packets
exchanged between interfaces in the same security zone.