Overlap-Zone difference Vsys


L3 Networker

Hi Expert,

I would like to know whether it is possible to use the same zone name in different vsys. For example, I would like to define a zone named "Trust" on vsys1 and a zone named "Trust" on vsys2 as well.

Please advise.

Thank you

3 REPLIES

Community Team Member

Hi @Pattarachai ,

 

Yes you can use the same zone names in different vsys.

 

Cheers !

-Kiwi.

 
LIVEcommunity team member, CISSP

"Just because you can do something doesn't mean you should"

 

Having managed a multi-vSYS environment, I can definitely recommend you NOT do this.  You can because the vSYS are considered completely separate systems.  But to keep things straight in your own head, I would recommend defining your zones with meaningful and specific names.  This means you will most likely have different zone names in each vSYS naturally.  Thoughts?

@jeremy.larsen,

Depends on why you are using multi-vsys to begin with. In certain instances where I utilize multi-vsys in local government buildings to separate out, say, Law Enforcement from the rest of the County, I wouldn't necessarily say that a zone named "County Untrust" or "LEA Untrust" would really make that big of a difference over just "untrust". It might matter slightly more if you configure in the GUI instead of the XML or CLI, but you do have the dropdown up top specifying what VSYS you are on currently.

 

It's also something that I've done on purpose when I template the XML file for utilization in Jinja2 for shared security policies where I might only want to make an "Internet Access" policy once or a similar shared policy that I would otherwise have to create in both security rulebases manually. Granted this is an extreme edge-case and something most people would never think of even doing, but reasons to utilize shared zone names do exist. 
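The shared-rule idea from the reply above, as an added example that is not part of the original thread: it uses Python's standard-library ElementTree instead of Jinja2, and the config fragment, the rule and the function name are constructed for illustration. It copies one rule into each vsys only when the zone names the rule references exist in that vsys, and reports the vsys where they do not.

```python
import copy
import xml.etree.ElementTree as ET

# Constructed sample config, reduced to the elements this example needs.
CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys>
  <entry name="vsys1">
    <zone><entry name="Trust"/><entry name="Untrust"/></zone>
    <rulebase><security><rules/></security></rulebase>
  </entry>
  <entry name="vsys2">
    <zone><entry name="Trust"/><entry name="LEA Untrust"/></zone>
    <rulebase><security><rules/></security></rulebase>
  </entry>
</vsys></entry></devices></config>
"""

# Hypothetical shared rule, written once and stamped into every vsys.
SHARED_RULE = """
<entry name="Internet Access">
  <from><member>Trust</member></from>
  <to><member>Untrust</member></to>
  <source><member>any</member></source>
  <destination><member>any</member></destination>
  <application><member>web-browsing</member></application>
  <service><member>application-default</member></service>
  <action>allow</action>
</entry>
"""

def stamp_shared_rule(config_xml, rule_xml):
    """Return (root, skipped); skipped maps vsys name to its missing zones."""
    root = ET.fromstring(config_xml)
    rule = ET.fromstring(rule_xml)
    wanted = {m.text for tag in ("from", "to") for m in rule.findall(f"{tag}/member")}
    wanted.discard("any")
    skipped = {}
    for vsys in root.iterfind("./devices/entry/vsys/entry"):
        # Zones are per-vsys objects, so the lookup is scoped to this vsys only.
        zones = {z.get("name") for z in vsys.iterfind("./zone/entry")}
        missing = sorted(wanted - zones)
        if missing:
            skipped[vsys.get("name")] = missing
            continue
        vsys.find("./rulebase/security/rules").append(copy.deepcopy(rule))
    return root, skipped

if __name__ == "__main__":
    print("skipped:", stamp_shared_rule(CONFIG, SHARED_RULE)[1])
```

In the constructed config, vsys2 names its outside zone "LEA Untrust", so the shared rule lands only in vsys1; giving both vsys the same zone names is what lets a single rule definition apply to both.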

 

 
