zone based firewall: select multiple zones as source zones

kdepijper · ‎02-24-2009

Hello,

I have 4 security zones defined on my 2611XM - 12.4.15T8 router. The customer defined its security policy as a destination policy to all 4 zones, eg

from 10 hosts/networks to zone1

from 20 hosts/networks to zone2, etc,

where the hosts/networks are located on all different zones.

Unfortunately, in my zone-pair definition I cannot select multiple zones as source zone. This would reduce my zone pailr definition from 12 to 4. Does anyone know any alternative to this ?

thx Karien

sadsiddi · ‎02-24-2009

Does your customer has 12 different policies?. As of now the number of zone-pairs cannot be less than the number of policies. Are you trying to say defining multiple zone-pairs using one zone-pair command and attaching multiple policies to that for each zone-pair?. Pardon me if i dont understand your problem.

kdepijper · ‎02-24-2009

I have only 4 policies, defined on destination zone level.

Problem is that I cannot select more then 1 source zone in a policy

Eg

Policy_1 defines from host_in_zone2, host_in_zone3, ... to zone 1 allow.

Policy_2 defines from host_in_zone1, host_in_zone3,... to zone 2 allow.

Any idea ?

thanks Karien

kdepijper · ‎03-04-2009

Hello

Solution is to create 12 zone pairs, but administration is restricted because I have only 4 policies (Policy maps)

Regards

Alex Yeung · ‎03-05-2009

Can you create 12 policies?

Alex Yeung