Specifying the default action for packets between interfaces in the same security zone

By default, packets exchanged between interfaces in the same security zone are dropped if no zone pair is configured from a security zone to the security zone itself. You can use this feature to change the processing policy for the packets.

To specify the default action for packets exchanged between interfaces in the same security zone:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Specify the default action for packets exchanged between interfaces in the same security zone. | Set the default action to permit: security-zone intra-zone default permit. Set the default action to deny: undo security-zone intra-zone default permit | By default, the default action is deny for packets exchanged between interfaces in the same security zone. |
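The following audit sketch is an added example, not part of the original documentation. It reads a saved configuration and reports, for each security zone with two or more member interfaces, whether intra-zone packets are handled by a zone pair from the zone to itself or fall through to the default action. The sample configuration is constructed, and the `security-zone name`, `import interface` and `zone-pair security source ... destination ...` line formats are assumptions about how the saved configuration is laid out.

```python
import re

# Constructed sample of a saved configuration (layout is an assumption).
SAMPLE_CONFIG = """\
#
 security-zone intra-zone default permit
#
security-zone name Trust
 import interface GigabitEthernet1/0/1
 import interface GigabitEthernet1/0/2
#
security-zone name DMZ
 import interface GigabitEthernet1/0/3
 import interface GigabitEthernet1/0/4
#
security-zone name Untrust
 import interface GigabitEthernet1/0/5
#
zone-pair security source DMZ destination DMZ
 packet-filter 3001
#
"""

def audit_intra_zone(config):
    """Map each multi-interface zone to 'zone-pair', 'permit' or 'deny'."""
    default_permit = False
    members = {}        # zone name -> list of member interfaces
    self_pairs = set()  # zones that have a zone pair to themselves
    current = None      # zone whose view is currently being parsed
    for raw in config.splitlines():
        line = raw.strip()
        if line == "security-zone intra-zone default permit":
            default_permit = True
        if m := re.fullmatch(r"security-zone name (\S+)", line):
            current = m.group(1)
            members.setdefault(current, [])
            continue
        if current and raw.startswith(" "):
            if m := re.fullmatch(r"import interface (\S+).*", line):
                members[current].append(m.group(1))
            continue
        current = None  # any unindented line ends the zone view
        m = re.fullmatch(r"zone-pair security source (\S+) destination (\S+)", line)
        if m and m.group(1) == m.group(2):
            self_pairs.add(m.group(1))
    default = "permit" if default_permit else "deny"
    return {zone: ("zone-pair" if zone in self_pairs else default)
            for zone, ifs in members.items() if len(ifs) >= 2}

if __name__ == "__main__":
    for zone, handling in audit_intra_zone(SAMPLE_CONFIG).items():
        print(f"{zone}: intra-zone packets -> {handling}")
```

A zone reported as `permit` forwards packets between its own interfaces without any zone-pair policy being applied, so those zones are the ones to review after enabling the permit default.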