zone
Use this command to add or edit zones.
In NAT/Route mode, you can group related interfaces or VLAN subinterfaces into zones. Grouping interfaces and subinterfaces into zones simplifies policy creation. For example, if you have two interfaces connected to the Internet, you can add both of these interfaces to the same zone. Then you can configure policies for connections to and from this zone, rather than to and from each interface.
In Transparent mode, you can group related VLAN subinterfaces into zones and add these zones to virtual domains.
Syntax
config system zone
    edit <zone_name>
        set interface <name_str>
        set intrazone {allow | deny}
end
Variables

edit <zone_name>
    Description: Enter the name of a new or existing zone.

interface <name_str>
    Description: Add the specified interface to this zone. You cannot add an interface if it belongs to another zone or if firewall policies are defined for it.
    Default: No default.

intrazone {allow | deny}
    Description: Allow or deny traffic routing between different interfaces in the same zone.
    Default: deny
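Added example (not part of the original reference): a small Python check that reads the config system zone block from a saved configuration and reports zones with intrazone set to allow, plus any interface listed in more than one zone. The sample configuration, its zone and interface names, and the assumption that entries are separated by next and that set interface can list several quoted names are constructed for illustration.

```python
import shlex

# Constructed sample configuration; zone and interface names are made up.
SAMPLE_CONFIG = '''
config system zone
    edit "internet"
        set interface "wan1" "wan2"
    next
    edit "servers"
        set interface "port3" "port4"
        set intrazone allow
    next
    edit "guests"
        set interface "port4"
    next
end
config system interface
    edit "port9"
        set alias "lab"
    next
end
'''

def parse_zones(text):
    """Return {zone: {"interface": [...], "intrazone": str}} from a config dump."""
    zones, in_block, cur = {}, False, None
    # shlex.split strips the quotes around names; blank lines give [] and are skipped
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[:3] == ["config", "system", "zone"]:
            in_block = True
        elif tok[0] == "end":
            in_block, cur = False, None
        elif in_block and tok[0] == "edit" and len(tok) > 1:
            # intrazone defaults to deny when no "set intrazone" line is present
            cur = zones.setdefault(tok[1], {"interface": [], "intrazone": "deny"})
        elif in_block and cur is not None and tok[0] == "set" and len(tok) > 2:
            if tok[1] in ("interface", "intrazone"):
                cur[tok[1]] = tok[2:] if tok[1] == "interface" else tok[2]
    return zones

def audit_zones(zones):
    """Flag intrazone allow, and interfaces that appear in more than one zone."""
    findings, owner = [], {}
    for name, zone in zones.items():
        if zone["intrazone"] == "allow":
            findings.append(("intrazone-allow", name))
        for iface in zone["interface"]:
            if owner.setdefault(iface, name) != name:
                findings.append(("interface-in-two-zones", iface, owner[iface], name))
    return findings
```

Each intrazone-allow finding names a zone whose member interfaces can route to each other, so it is worth confirming that the setting is intended for that zone.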