security zone¶

security zone(1) BIG-IP TMSH Manual security zone(1)

NAME
zone - Configures firewall zones.

MODULE
security

SYNTAX
Zones are reusable objects that are used to classify traffic in firewall policy. Zone is defined as consisting
of one or more Vlans, and traffic matching one of the zone member Vlans belongs to the Zone. Zone object can
be used as a "source" or "destination" specifier in Firewall policy rules to either mean originating from, or
destined-to traffic. Modify the zone component within the security zone module using the syntax shown in the
following sections.

CREATE/MODIFY
create zone [name]
options:
copy-from [string]
modify zone [name]
options:
vlans [add | delete | modify | replace-all-with] {
[ vlan_name ]
}
vlans none

edit zone

DISPLAY
list zone
show running-config zone
options:
all-properties
non-default-properties
one-line

DESCRIPTION
You can use the zone component to configure a shareable and reusable set of network firewall zones which can
be associated as enforced or staged with a number of configuration objects of the following types: security
firewall policy.

EXAMPLES
modify zone vlans add {
vlan-1 { }
vlan-2 { } }

Creates a zone configuration that includes vlan-1 and vlan-2 as members.

list zone

Displays the current list of zones.

OPTIONS
copy-from
(CREATE)Specifies the name of an existing policy from which to copy all configuration options.

vlans
Adds, deletes, or replaces a zone vlan member. Specifies one or more vlans against which the packet will
be compared, when used with security firewall policy rules.

SEE ALSO
create, edit, list, modify, security firewall policy, tmsh

COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.

BIG-IP 2018-06-27 security zone(1)