Modifying zones and policies

You can modify the zones and class-action statements in a zone policy configuration without removing them from the policy:

  • To modify the ports associated with a zone, enter the class zone classname command. Remember that the classname you entered is case sensitive. From the class-configuration context, make the necessary changes by removing or adding ports. (To display a class configuration, enter the show class zone classname command.)

    When you exit class configuration context, the changes are automatically saved and applied to existing policy configurations on the switch that use the class if the policies have not been applied to a ONE application. If a policy has already been applied, the editing changes are not accepted, and an error message is displayed.

  • To modify the class-action statements in a policy, enter the policy policy-name command. (To display a policy configuration, enter the show policy policy-name command as shown.) From the policy-configuration context, complete one of the following:

    • Enter a new class-action statement. If you do not include a sequence number, the new class-action statement is inserted at the end of the policy configuration.

    • Remove a class-action statement by entering the no sequence-number command.

    • Replace an existing class-action statement by:

      • Entering the no sequence-number command to delete the entry.

      • Entering a new class zone source zone name destination zone name action intercept unidirectional command.

When you exit the policy-configuration context, the changes are automatically applied to the policy configuration if the policy has not been applied to an interface. If the policy has already been applied to an interface, the editing changes are not accepted and an error message is displayed.