Manual Chapter: Managing Zones

Applies To:

BIG-IQ Centralized Management

  • 8.0.0

Managing Zones

About AFM Zones

AFM Zones allow you to specify lists of VLANs that can be referenced in a firewall rule for source or destination packet matching. Using BIG-IQ, you may create, edit, delete, and deploy Zones to managed BIG-IP devices and centrally manage your Zone objects.

Configure an AFM zone

Before you create a Zone, you must first create one or more network VLANs. Existing VLANs will populate in a list on this page.
You can create an AFM Zone to perform source and destination packet matching based on one or more VLANs. Use this workflow to assign one or more VLANs to a Zone object. To do so, select the check box next to the VLAN or VLANs you are interested in and use the arrows to move them from Available to Selected.
  1. To begin, go to Configuration > SECURITY > Shared Security > Zones.
  2. To create a new Zone, select Create, or select an existing Zone object to make modifications.
    You will be directed to a page to configure a Zone object.
  3. Enter a unique Name for this Zone object.
  4. Enter a Description.
  5. Enter a Partition.
    The default is Common. You can also enter a custom path to a partition you have created. Only users with access to a partition can view the objects that the partition contains. If the object resides in the Common partition, all users can access it.
  6. Use the arrows to move one or more VLANs from the Available list to the Selected list to add VLANs to this Zone.
  7. Click Save & Close.
The new or modified Zone will display in the list of Zone objects.

Managing AFM zones

From BIG-IQ, you can create, view, and deploy Zones. Members of one Zone can overlap with members of another Zone.
  1. To begin, go to Configuration > SECURITY > Shared Security > Zones.
  2. To create a new Zone, click Create.
  3. To delete a Zone, select the check box for the Zone and click Delete.
  4. To deploy a Zone to a managed BIG-IP device or group of devices, select the check box for all of the Zones you wish to push to the target devices and select Deploy. For more information about deployments, visit Security Deployment Best Practices.
  5. To edit an existing Zone, click the name of the Zone you would like to modify.
  6. To see the properties of a Zone displayed in the lower pane, click anywhere in the row except the name. In the Related Items area, you can click Show to see items related to the Zone.