Security Zone
Configure Security Zone.
- Each Security Zone must have either `vpns` or `interfaces` configured, but not both.
- VPN names must reference existing LAN VPNs defined in `service_profiles.lan_vpns`.
Diagram
Classes

policy_object_profile (sdwan.feature_profiles)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| security_zones | List | [security_zones] | No | |

security_zones (sdwan.feature_profiles.policy_object_profile)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[^&<>! "]{1,32}$ | Yes | |
| vpns | List | String[Regex: ^[^&<>! "]{1,128}$] | No | |
| interfaces | List | String[Regex: (ATM|ATM-ACR|AppGigabitEthernet|AppNav-Compress|AppNav-UnCompress|Async|BD-VIF|BDI|CEM|CEM-ACR|Cellular|Dialer|Embedded-Service-Engine|Ethernet|Ethernet-Internal|FastEthernet|FiftyGigabitEthernet|FiveGigabitEthernet|FortyGigabitEthernet|FourHundredGigE|GMPLS|GigabitEthernet|Group-Async|HundredGigE|L2LISP|LISP|Loopback|MFR|Multilink|Port-channel|SM|Serial|Service-Engine|TenGigabitEthernet|Tunnel|TwentyFiveGigE|TwentyFiveGigabitEthernet|TwoGigabitEthernet|TwoHundredGigE|Vif|Virtual-PPP|Virtual-Template|VirtualPortGroup|Vlan|Wlan-GigabitEthernet|nat64|nat66|ntp|nve|ospfv3|overlay|pseudowire|ucse|vasileft|vasiright|vmi)(\w+)((\/\d+)*(\.\d+)?)?] | No | |

Examples
Example-1: This example demonstrates how to configure a Security Zone with VPNs.

```yaml
sdwan:
  feature_profiles:
    policy_object_profile:
      security_zones:
        - name: security_zone1
          vpns:
            - service_lan_vpn1
            - service_lan_vpn2
```

Example-2: This example demonstrates how to configure a Security Zone with Interfaces.

```yaml
sdwan:
  feature_profiles:
    policy_object_profile:
      security_zones:
        - name: security_zone2
          interfaces:
            - GigabitEthernet1
            - GigabitEthernet2
```
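
An added example, not part of the original documentation or the project's own validation code: a pre-deployment check in Python that applies the two rules and the regex constraints from this page to an already parsed `security_zones` list. Assumptions: the function name `validate_zones`, the caller passing the LAN VPN names from `service_profiles.lan_vpns` as a set, each regex being matched against the whole string, and the constructed sample data.

```python
import re

# Patterns copied from the constraint tables on this page.
NAME_RE = re.compile(r'[^&<>! "]{1,32}')
VPN_RE = re.compile(r'[^&<>! "]{1,128}')
IFACE_RE = re.compile(r'(ATM|ATM-ACR|AppGigabitEthernet|AppNav-Compress|AppNav-UnCompress|Async|BD-VIF|BDI|CEM|CEM-ACR|Cellular|Dialer|Embedded-Service-Engine|Ethernet|Ethernet-Internal|FastEthernet|FiftyGigabitEthernet|FiveGigabitEthernet|FortyGigabitEthernet|FourHundredGigE|GMPLS|GigabitEthernet|Group-Async|HundredGigE|L2LISP|LISP|Loopback|MFR|Multilink|Port-channel|SM|Serial|Service-Engine|TenGigabitEthernet|Tunnel|TwentyFiveGigE|TwentyFiveGigabitEthernet|TwoGigabitEthernet|TwoHundredGigE|Vif|Virtual-PPP|Virtual-Template|VirtualPortGroup|Vlan|Wlan-GigabitEthernet|nat64|nat66|ntp|nve|ospfv3|overlay|pseudowire|ucse|vasileft|vasiright|vmi)(\w+)((\/\d+)*(\.\d+)?)?')


def validate_zones(zones, lan_vpn_names):
    """Return a list of error strings; an empty list means every zone is valid."""
    errors = []
    for idx, zone in enumerate(zones):
        name = zone.get("name")
        where = f"security_zones[{idx}] name={name!r}"
        if not isinstance(name, str) or not NAME_RE.fullmatch(name):
            errors.append(f"{where}: name is mandatory and must match the name regex")
        vpns = zone.get("vpns") or []
        ifaces = zone.get("interfaces") or []
        # Rule 1: either vpns or interfaces, never both and never neither.
        if bool(vpns) == bool(ifaces):
            errors.append(f"{where}: exactly one of vpns or interfaces must be configured")
        for vpn in vpns:
            if not VPN_RE.fullmatch(str(vpn)):
                errors.append(f"{where}: vpn {vpn!r} does not match the vpns regex")
            elif vpn not in lan_vpn_names:
                # Rule 2: every VPN must be a LAN VPN from service_profiles.lan_vpns.
                errors.append(f"{where}: vpn {vpn!r} is not defined in service_profiles.lan_vpns")
        for iface in ifaces:
            if not IFACE_RE.fullmatch(str(iface)):
                errors.append(f"{where}: interface {iface!r} does not match the interfaces regex")
    return errors


# Constructed sample data: the first two zones are the page's examples,
# the last three are deliberately invalid.
SAMPLE_LAN_VPNS = {"service_lan_vpn1", "service_lan_vpn2"}
SAMPLE_ZONES = [
    {"name": "security_zone1", "vpns": ["service_lan_vpn1", "service_lan_vpn2"]},
    {"name": "security_zone2", "interfaces": ["GigabitEthernet1", "GigabitEthernet2"]},
    {"name": "mixed", "vpns": ["service_lan_vpn1"], "interfaces": ["GigabitEthernet1"]},
    {"name": "dangling", "vpns": ["service_lan_vpn9"]},
    {"name": "bad iface", "interfaces": ["eth0"]},
]

if __name__ == "__main__":
    for error in validate_zones(SAMPLE_ZONES, SAMPLE_LAN_VPNS):
        print(error)
```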