securitypolicy.Zone (NSP Network Functions Manager

securitypolicy
Zone

This class defines Zone configuration as policy.

Parent Hierarchy
- netw.Network
  - netw.NetworkElement
    - policy.Manager [securityZone]
      - securitypolicy.Zone [[network]:[${systemAddress}]:[$%{policyTypeManaged}]:[zn-${*id}]]
- parent []
  - securitypolicy.Zone [[backup-${policyTypeManaged}]:[zn-${*id}]]
- policy.Manager [securityZone]
  - securitypolicy.Zone [[$%{policyTypeManaged}]:[zn-${*id}]]

Children Hierarchy
- securitypolicy.Zone
  - securitypolicy.NatPool
    - securitypolicy.NatPoolEntry
  - securitypolicy.ZoneInboundSession
  - securitypolicy.ZoneOutboundSession
  - securitypolicy.ZoneSecPolicy

Relationships
- many securitypolicy.Zones may be associated with epipe.Site (implied relationship)
  - Supported for 7705 SAR from 20.10.R3
  - Supported for 7705 SAR H from 20.10.R3
- many securitypolicy.Zones may be associated with ies.Site (implied relationship)
- many securitypolicy.Zones may be associated with mvpls.Site (implied relationship)
  - Supported for 7705 SAR from 20.10.R3
  - Supported for 7705 SAR H from 20.10.R3
- many securitypolicy.Zones may be direct children of one policy.Manager (child-parent relationship)
- securitypolicy.Zone may be associated with many rtr.NetworkInterfaces (implied relationship)
- one securitypolicy.Zone may be a direct parent of many securitypolicy.NatPools (parent-child relationship)
- many securitypolicy.Zones may be associated with securitypolicy.Policy (implied relationship)
- many securitypolicy.Zones may be associated with securitypolicy.Zone (implied relationship)
- securitypolicy.Zone may be associated with many securitypolicy.Zones (implied relationship)
- one securitypolicy.Zone may be a direct parent of many securitypolicy.ZoneInboundSessions (parent-child relationship)
- one securitypolicy.Zone may be a direct parent of many securitypolicy.ZoneOutboundSessions (parent-child relationship)
- one securitypolicy.Zone may be a direct parent of many securitypolicy.ZoneSecPolicys (parent-child relationship)
- securitypolicy.Zone may be associated with many service.L2AccessInterfaces (implied relationship)
- securitypolicy.Zone may be associated with many service.L3AccessInterfaces (implied relationship)
- securitypolicy.Zone may be associated with many svt.MeshSdpBindings (implied relationship)
- securitypolicy.Zone may be associated with many svt.SpokeSdpBindings (implied relationship)
- many securitypolicy.Zones may be associated with vpls.Site (implied relationship)
  - Supported for 7705 SAR from 20.10.R3
  - Supported for 7705 SAR H from 20.10.R3
- securitypolicy.Zone may be associated with many vprn.IPsecInterfaces (implied relationship)
- many securitypolicy.Zones may be associated with vprn.Site (implied relationship)

Zone

Relative Name=[[zn-${*id}]]

Displayed Name=Security Zone

Properties
autoBind	This specifies whether this zone is being used to enforce policy on traffic to/from MP-BGP auto-binding and spoke-sdps. This configuration is only permitted on VPRN zones and can only be enabled when no other interfaces are provisioned inside this zone. type=boolean default=false Displayed(tab/group)=Auto-Bind (/MP-BGP Auto-Bind)
byPassZoneConfig	type=boolean default=false Displayed(tab/group)=ByPass Zone Config
epipePointer	This is used to select a specific VPLS pointer. type=Pointer access=read-create default= Mandatory on create Displayed(tab/group)=EPIPE Service (/Zone Instance/EPIPE)
iesPointer	This is used to select a specific routerInstance/VPRN pointer. type=Pointer access=read-create default= Mandatory on create Displayed(tab/group)=IES Service (/Zone Instance/IES)
mvplsPointer	This is used to select a specific VPLS pointer. type=Pointer access=read-create default= Mandatory on create Displayed(tab/group)=MVPLS Service (/Zone Instance/MVPLS)
routerType	Configures a security zone under GRT or IES/VPRN services. type=securitypolicy.RouterType access=read-create default=base Displayed(tab/group)=Zone Type (/Zone Instance)
secLogId	type=int access=read-only default=0 minimum=0 maximum=100
secLogPointer	This specifies the security Log policy used by zone. type=Pointer default= Displayed(tab/group)=Security Log (/Logging)
securitypolicy.NatPool-Set	type=Children-Set
securitypolicy.ZoneInboundSession-Set	type=Children-Set
securitypolicy.ZoneOutboundSession-Set	type=Children-Set
securitypolicy.ZoneSecPolicy-Set	type=Children-Set
svcId	type=long access=read-only default=0 minimum=0 maximum=2147483647 Displayed(tab/group)=Service Id (/Zone Instance)
vplsPointer	This is used to select a specific VPLS pointer. type=Pointer access=read-create default= Mandatory on create Displayed(tab/group)=VPLS Service (/Zone Instance/VPLS)
vprnPointer	This is used to select a specific routerInstance/VPRN pointer. type=Pointer access=read-create default= Mandatory on create Displayed(tab/group)=VPRN Service (/Zone Instance/VPRN)
zoneConfigInIcmpSessLimit	type=long default=0 minimum=0 maximum=16383 Displayed(tab/group)=ICMP Session Limit (/Inbound Concurrent Sessions)
zoneConfigInOthSessLimit	type=long default=0 minimum=0 maximum=16383 Displayed(tab/group)=Other Session Limit (/Inbound Concurrent Sessions)
zoneConfigInTcpSessLimit	type=long default=0 minimum=0 maximum=16383 Displayed(tab/group)=TCP Session Limit (/Inbound Concurrent Sessions)
zoneConfigInUdpSessLimit	type=long default=0 minimum=0 maximum=16383 Displayed(tab/group)=UDP Session Limit (/Inbound Concurrent Sessions)
zoneConfigOutIcmpSessLimit	type=long default=0 minimum=0 maximum=16383 Displayed(tab/group)=ICMP Session Limit (/Outbound Concurrent Sessions)
zoneConfigOutOthSessLimit	type=long default=0 minimum=0 maximum=16383 Displayed(tab/group)=Other Session Limit (/Outbound Concurrent Sessions)
zoneConfigOutTcpSessLimit	type=long default=0 minimum=0 maximum=16383 Displayed(tab/group)=TCP Session Limit (/Outbound Concurrent Sessions)
zoneConfigOutUdpSessLimit	type=long default=0 minimum=0 maximum=16383 Displayed(tab/group)=UDP Session Limit (/Outbound Concurrent Sessions)

Properties

autoBind

This specifies whether this zone is being used to enforce policy on traffic to/from MP-BGP auto-binding and spoke-sdps. This configuration is only permitted on VPRN zones and can only be enabled when no other interfaces are provisioned inside this zone.

type=boolean
default=false
Displayed(tab/group)=Auto-Bind (/MP-BGP Auto-Bind)

byPassZoneConfig

type=boolean
default=false
Displayed(tab/group)=ByPass Zone Config

epipePointer

This is used to select a specific VPLS pointer.

type=Pointer
access=read-create
default=
Mandatory on create
Displayed(tab/group)=EPIPE Service (/Zone Instance/EPIPE)

iesPointer

This is used to select a specific routerInstance/VPRN pointer.

type=Pointer
access=read-create
default=
Mandatory on create
Displayed(tab/group)=IES Service (/Zone Instance/IES)

mvplsPointer

This is used to select a specific VPLS pointer.

type=Pointer
access=read-create
default=
Mandatory on create
Displayed(tab/group)=MVPLS Service (/Zone Instance/MVPLS)

routerType

Configures a security zone under GRT or IES/VPRN services.

type=securitypolicy.RouterType
access=read-create
default=base
Displayed(tab/group)=Zone Type (/Zone Instance)

secLogId

type=int
access=read-only
default=0
minimum=0
maximum=100

secLogPointer

This specifies the security Log policy used by zone.

type=Pointer
default=
Displayed(tab/group)=Security Log (/Logging)

securitypolicy.NatPool-Set

type=Children-Set

securitypolicy.ZoneInboundSession-Set

type=Children-Set

securitypolicy.ZoneOutboundSession-Set

type=Children-Set

securitypolicy.ZoneSecPolicy-Set

type=Children-Set

svcId

type=long
access=read-only
default=0
minimum=0
maximum=2147483647
Displayed(tab/group)=Service Id (/Zone Instance)

vplsPointer

This is used to select a specific VPLS pointer.

type=Pointer
access=read-create
default=
Mandatory on create
Displayed(tab/group)=VPLS Service (/Zone Instance/VPLS)

vprnPointer

This is used to select a specific routerInstance/VPRN pointer.

type=Pointer
access=read-create
default=
Mandatory on create
Displayed(tab/group)=VPRN Service (/Zone Instance/VPRN)

zoneConfigInIcmpSessLimit

type=long
default=0
minimum=0
maximum=16383
Displayed(tab/group)=ICMP Session Limit (/Inbound Concurrent Sessions)

zoneConfigInOthSessLimit

type=long
default=0
minimum=0
maximum=16383
Displayed(tab/group)=Other Session Limit (/Inbound Concurrent Sessions)

zoneConfigInTcpSessLimit

type=long
default=0
minimum=0
maximum=16383
Displayed(tab/group)=TCP Session Limit (/Inbound Concurrent Sessions)

zoneConfigInUdpSessLimit

type=long
default=0
minimum=0
maximum=16383
Displayed(tab/group)=UDP Session Limit (/Inbound Concurrent Sessions)

zoneConfigOutIcmpSessLimit

type=long
default=0
minimum=0
maximum=16383
Displayed(tab/group)=ICMP Session Limit (/Outbound Concurrent Sessions)

zoneConfigOutOthSessLimit

type=long
default=0
minimum=0
maximum=16383
Displayed(tab/group)=Other Session Limit (/Outbound Concurrent Sessions)

zoneConfigOutTcpSessLimit

type=long
default=0
minimum=0
maximum=16383
Displayed(tab/group)=TCP Session Limit (/Outbound Concurrent Sessions)

zoneConfigOutUdpSessLimit

type=long
default=0
minimum=0
maximum=16383
Displayed(tab/group)=UDP Session Limit (/Outbound Concurrent Sessions)

Overridden Properties
id	maximum=65534

Overridden Properties

maximum=65534

Properties inherited from securitypolicy.SecurityPolicyDefinition
controlApply, description, displayedName, id

Properties inherited from securitypolicy.SecurityPolicyDefinition

controlApply, description, displayedName, id

Properties inherited from policy.PolicyDefinition
configurationAction, configurationMode, discoveryState, displayedName, distributionMode, isMaster, lastSyncTime, numberOfUnderlyingPolicyItems, origin, policyMode, policySyncGroupPointer, policyType

Properties inherited from policy.PolicyDefinition

configurationAction, configurationMode, discoveryState, displayedName, distributionMode, isMaster, lastSyncTime, numberOfUnderlyingPolicyItems, origin, policyMode, policySyncGroupPointer, policyType

Properties inherited from policy.PolicyObject
description, displayedName, globalPolicy, id, isLocal, policyType, siteId, siteName, templateObject

Properties inherited from policy.PolicyObject

description, displayedName, globalPolicy, id, isLocal, policyType, siteId, siteName, templateObject

Properties inherited from ManagedObject
actionMask, children-Set, deploymentState, isFaultSquelched, name, objectFullName, selfAlarmed

Properties inherited from ManagedObject

actionMask, children-Set, deploymentState, isFaultSquelched, name, objectFullName, selfAlarmed

Methods inherited from policy.PolicyDefinition
distribute, distributeUsingGroups, distributeV2, evaluatePolicy, findGlobal, findLocal, findReleased, getSyncTaskResult, resetToReleasedPolicy, setConfigurationModeToDraft, setConfigurationModeToReleased, setDistributionModeToLocalEditOnly, setDistributionModeToSyncWithGlobal, syncTo, syncToLocalWithResync

Methods inherited from policy.PolicyDefinition

distribute, distributeUsingGroups, distributeV2, evaluatePolicy, findGlobal, findLocal, findReleased, getSyncTaskResult, resetToReleasedPolicy, setConfigurationModeToDraft, setConfigurationModeToReleased, setDistributionModeToLocalEditOnly, setDistributionModeToSyncWithGlobal, syncTo, syncToLocalWithResync

Supported Network Elements
7705 SAR	Supported from 6.1.R1 Excluded chassis types: 7705-SARF, 7705-SARM ASAP, 7705-SARM, 7705-SARM ASAP FL, 7705-SARM FL, 7705 SAR-A, 7705 SAR-A T1/E1, 7705 SAR-W
7705 SAR H	Supported from 6.1.R1
Product Specifics
7705 SAR H 20.0	Warning: iframes not supported by this browser.
7705 SAR H 21.0
7705 SAR H 22.0
7705 SAR H 23.0
7705 SAR H 24.0
7705 SAR H 25.0
7705 SAR H 9.0
7705 SAR 20.0
7705 SAR 21.0
7705 SAR 22.0
7705 SAR 23.0
7705 SAR 24.0
7705 SAR 25.0

Supported Network Elements

7705 SAR

Supported from 6.1.R1