This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Overlap-Zone difference Vsys

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Overlap-Zone difference Vsys

Pattarachai
L3 Networker

‎05-17-2019 12:11 AM

HI Expert ,

 

I would like to know that it can be possible about overlap zone name but difference Vsys such as I would to defind name Zone "Trust" on vsys1 and would to zone name "Trust" on vsys2 as well

 

Please  suggest to me 

 

Thank you 

0 Likes Likes
3 REPLIES 3

kiwi
Community Team Member

‎05-17-2019 01:35 AM

Hi @Pattarachai ,

 

Yes you can use the same zone names in different vsys.

 

Cheers !

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
0 Likes Likes

jeremy.larsen
L4 Transporter
In response to kiwi

‎05-17-2019 01:00 PM - edited ‎05-17-2019 01:00 PM

"Just because you can do something doesn't mean you should"

 

Having managed a multi-vSYS environment, I can definitely recommend you NOT do this.  You can because the vSYS are considered completely separate systems.  But to keep things straight in your own head, I would recommend defining your zones with meaningful and specific names.  This means you will most likely have different zone names in each vSYS naturally.  Thoughts?

BPry
Cyber Elite
Cyber Elite
In response to jeremy.larsen

‎05-17-2019 02:18 PM

@jeremy.larsen,

Depends on why you are using multi-vsys to begin with. In certain instances where I utilize multi-vsys in local government buildings to seperate out say Law Enforcement from the rest of the County I wouldn't necissarly say that a zone named "County Untrust" or "LEA Untrust" would really make that big of an difference over just "untrust". It might matter slightly more if you configure in the GUI instead of the XML or CLI, but you do have the dropdown up top specifying what VSYS you are on currently.

 

It's also something that I've done on purpose when I template the XML file for utilization in Jinja2 for shared security policies where I might only want to make an "Internet Access" policy once or a similar shared policy that I would otherwise have to create in both security rulebases manually. Granted this is an extreme edge-case and something most people would never think of even doing, but reasons to utilize shared zone names do exist. 

 

 

0 Likes Likes
  • 3814 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks