Security-Zone Policy Deny - HPE D6020 Maintenance And Service Manual

security-zone policy deny

Use security-zone policy deny to enter user role security zone policy view.
Use undo security-zone policy deny to restore the default.
Syntax
security-zone policy deny
undo security-zone policy deny
Default
A user role has access to all security zones.
Views
User role view
Predefined user roles
network-admin
Usage guidelines
To restrict the security zone access of a user role to a set of security zones, perform the following tasks:
1. Use security-zone policy deny to enter user role security zone policy view.
2. Use permit security-zone to specify accessible security zones.
NOTE:
The security-zone policy deny command denies the access of the user role to all security zones if the permit security-zone command is not configured.
To configure a security zone, make sure the zone is permitted by the user role security zone policy in use. You can perform the following tasks on an accessible security zone:
• Create, remove, or configure the security zone.
• Enter the security zone view.
• Specify the security zone in feature commands.
Any change to a user role security zone policy takes effect only on users who log in with the user role after the change.
Examples
# Enter user role security zone policy view of role1, and deny the access of role1 to all security zones.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] security-zone policy deny
[Sysname-role-role1-zonepolicy] quit
# Enter user role security zone policy view of role1, and deny the access of role1 to all security zones except for security zones trust and abc.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] security-zone policy deny
[Sysname-role-role1-zonepolicy] permit security-zone trust abc
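
An added example, not part of the HPE manual: a Python check over a saved configuration that reports each user role's effective security zone access under the rules in the usage guidelines, flagging roles left on the permissive default and roles whose deny policy has no permit. The sample configuration is constructed, and its layout (indentation and `#` section separators) is an assumption.

```python
import re

# Constructed sample built from the commands shown in the examples above.
# The saved-configuration layout (indentation, '#' separators) is an assumption.
SAMPLE_CONFIG = """\
#
role name role1
 security-zone policy deny
  permit security-zone trust abc
#
role name role2
 security-zone policy deny
#
role name role3
#
"""

def zone_access(config_text):
    """Map each role to "all" (default, no zone policy) or to the sorted list
    of zones permitted under 'security-zone policy deny' (empty list = none)."""
    roles, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"role name (\S+)", line)
        if m:
            current = m.group(1)
            roles[current] = "all"      # default: access to all security zones
        elif line == "#":
            current = None              # end of the role section
        elif current and line == "security-zone policy deny":
            roles[current] = set()      # deny every zone not explicitly permitted
        elif (current and roles[current] != "all"
              and line.startswith("permit security-zone ")):
            roles[current].update(line.split()[2:])
    return {r: (z if z == "all" else sorted(z)) for r, z in roles.items()}

def findings(access):
    """Flag roles on the permissive default or locked out of every zone."""
    out = []
    for role, zones in access.items():
        if zones == "all":
            out.append((role, "unrestricted: default access to all security zones"))
        elif not zones:
            out.append((role, "deny policy with no permit: no zone is accessible"))
    return out

if __name__ == "__main__":
    for role, issue in findings(zone_access(SAMPLE_CONFIG)):
        print(f"{role}: {issue}")
```

Because a policy change applies only to users who log in with the role after the change, a clean report does not cover sessions that were already open when the configuration was saved.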