Using the firewall zone command, you can define a zone and enter the zone view.
Using the undo firewall zone command, you can delete the zone.
firewall zone zone-name
firewall zone name zone-name [ id id ]
undo firewall zone name zone-name
| Parameter | Description | Value |
|---|---|---|
name |
Specifies the name of a new/deleted zone. |
- |
zone-name |
Specifies the name of a security zone. |
The value is a case-sensitive string. If the name does not contain any spaces, the length is 1 to 32 characters. If the name contains spaces, the length is 3 to 34 characters and the name must be enclosed with double quotation marks (""), for example, "user for test". The name cannot contain any question marks (?), commas (,), quotation marks ("), or hyphens (-). To avoid confusion, the security zone cannot be named name or vpn-instance. |
id id |
Specifies the ID of a security zone. |
The value is an integer ranging from 4 to 254. |
There are four reserved security zones on FW:
Untrust zone
It is a low-level security zone, whose priority is 5.
Demilitarized Zone (DMZ)
It is a medium level security zone, whose priority is 50.
Trust zone
It is a high-level security zone, whose priority is 85.
Local zone
It is a highest-level security zone, whose priority is 100.
You do not need to create the four zones above. At the same time, deleting and re-setting the security level is prohibited.
Keyword name is used only when you create or delete a zone. You are not required to set the keyword when entering a zone view.
If a security zone referenced by a security policy or NAT policy is to be deleted, delete the reference relationship before running the undo firewall zone command. After this operation is performed, the device deletes all configurations of the security zone.