Creating a zone policy
To create a zone policy that performs zone-specific actions on selected packets, follow these steps:
- Enter the policy zone policy-name command from the global configuration context.
  Context: Global configuration
  Syntax: no policy zone policy-name
  Defines the name of a service policy and enters the policy configuration context, where policy-name is a text string (64 characters maximum). This name should not be the same as a zone name.
  A zone policy consists of one or more actions that are configured for specific zones.
  No action is performed on packets sent to or from ports in the BYPASS zone. By default, ports are assigned to the BYPASS zone unless you explicitly assign them to a different zone.
- To configure the actions that you want to execute on ports associated with a zone, enter one or more class commands from the policy configuration context.
  Context: Policy configuration
  Syntax: no [seq-number] class zone source zone name destination zone name action intercept unidirectional
  Defines the source and destination zones for packets that must be intercepted and forwarded to the ONE application.
  seq-number: (Optional) Sequentially orders the class-action statements in a policy configuration. Actions are executed on matching packets in numerical order.
  source zone name: Defines the source zone for packets that must be intercepted and forwarded to the ONE application.
  destination zone name: Defines the destination zone for packets that must be intercepted and forwarded to the ONE application.
  action intercept unidirectional: Defines the action as intercept and the flow of traffic as unidirectional (one-way).
  Default: Class-action statements are numbered in increments of 10, starting at 10.
  The configured actions are executed on packets that arrive on the ports associated with the source zone and are destined for ports associated with the destination zone.
  You cannot configure intercept rules for the BYPASS zone class. As such, traffic to and from the BYPASS zone cannot be intercepted.
- Enter the exit command to exit the policy configuration context.
- To display a policy configuration, enter the show policy policy-name command.
  To edit a policy configuration, re-enter the policy context (policy command) and modify class-action statements.
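
The rules in the steps above can be checked offline before a policy is entered on the switch. The following Python lint is an added example, not code from the product or its documentation; the function names, the zone and policy names, the numbering of mixed numbered/unnumbered statements, and the case-insensitive match on BYPASS are assumptions.

```python
# Added example: offline lint for a planned zone policy (not vendor code).
MAX_NAME_LEN = 64   # page: policy-name is a text string, 64 characters maximum
BYPASS = "BYPASS"   # page: traffic to and from the BYPASS zone cannot be intercepted

def number_classes(classes):
    """Number unnumbered statements in increments of 10, starting at 10.
    Assumption: an unnumbered statement takes the highest number so far + 10."""
    numbered, last = [], 0
    for seq, src, dst in classes:
        seq = last + 10 if seq is None else seq
        numbered.append((seq, src, dst))
        last = max(last, seq)
    return sorted(numbered)  # actions are executed in numerical order

def lint_policy(name, zones, classes):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    if not name or len(name) > MAX_NAME_LEN:
        findings.append("policy name must be 1-64 characters")
    if name in zones:
        findings.append(f"policy name '{name}' collides with a zone name")
    numbered = number_classes(classes)
    seqs = [s for s, _, _ in numbered]
    for s in sorted({s for s in seqs if seqs.count(s) > 1}):
        findings.append(f"duplicate sequence number {s}")
    pairs = {(src, dst) for _, src, dst in numbered}
    for seq, src, dst in numbered:
        bypass = BYPASS in (src.upper(), dst.upper())
        for zone in (src, dst):
            if zone.upper() == BYPASS:
                findings.append(f"{seq}: BYPASS zone cannot be intercepted")
            elif zone not in zones:
                findings.append(f"{seq}: unknown zone '{zone}'")
        if not bypass and (dst, src) not in pairs:  # intercept is one-way
            findings.append(f"{seq}: note: no {dst}->{src} statement; intercept is one-way")
    return findings

# Constructed sample plan: zone and policy names are illustrative only.
ZONES = {"internal", "external", "dmz"}
PLAN = [(None, "internal", "external"), (None, "external", "internal"),
        (25, "dmz", "BYPASS")]

if __name__ == "__main__":
    for finding in lint_policy("dmz", ZONES, PLAN):
        print(finding)
```

The one-way note is advisory: a single-direction intercept may be intended, but it means packets in the opposite direction are not matched by that statement.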