Overlap-Zone difference Vsys

Reply
L3 Networker

Overlap-Zone difference Vsys

HI Expert ,

 

I would like to know that it can be possible about overlap zone name but difference Vsys such as I would to defind name Zone "Trust" on vsys1 and would to zone name "Trust" on vsys2 as well

 

Please  suggest to me 

 

Thank you 

Tags (2)
Community Team Member

Re: Overlap-Zone difference Vsys

Hi @Pattarachai ,

 

Yes you can use the same zone names in different vsys.

 

Cheers !

-Kiwi.

 
Highlighted
L4 Transporter

Re: Overlap-Zone difference Vsys

"Just because you can do something doesn't mean you should"

 

Having managed a multi-vSYS environment, I can definitely recommend you NOT do this.  You can because the vSYS are considered completely separate systems.  But to keep things straight in your own head, I would recommend defining your zones with meaningful and specific names.  This means you will most likely have different zone names in each vSYS naturally.  Thoughts?

L7 Applicator

Re: Overlap-Zone difference Vsys

@jeremy.larsen,

Depends on why you are using multi-vsys to begin with. In certain instances where I utilize multi-vsys in local government buildings to seperate out say Law Enforcement from the rest of the County I wouldn't necissarly say that a zone named "County Untrust" or "LEA Untrust" would really make that big of an difference over just "untrust". It might matter slightly more if you configure in the GUI instead of the XML or CLI, but you do have the dropdown up top specifying what VSYS you are on currently.

 

It's also something that I've done on purpose when I template the XML file for utilization in Jinja2 for shared security policies where I might only want to make an "Internet Access" policy once or a similar shared policy that I would otherwise have to create in both security rulebases manually. Granted this is an extreme edge-case and something most people would never think of even doing, but reasons to utilize shared zone names do exist. 

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!