Question - Policy to apply to a VLAN

Started by shanelord, July 31, 2023, 08:16:47 AM

Might be a stupid question but trying to understand how everything works.

I'm setting up policies in zenarmor and I want different policies to apply to different VLANs.

If I'm setting up a policy in zenarmor and I want it to only apply to VLAN 50, do I select both the Interface it is on as well as putting in the VLAN? Or do I just enter the VLAN and not select the interface as well?

Thanks,
Shane.

Hi Shane,

One of them is enough. You can select the interface to apply or just write VLAN ID in the VLAN field. You don't need to add both of them.

Please note that all of the below criteria are matched with the **AND** logical operator. In order for a flow to match your configured policy, all of these criteria need to be matching the flow information. For instance, if you have a policy configuration specifying 10.0.0.0/24 Network, em0 interface, and "Admins" group, all of these should be matching. If a packet is seen belonging to the "Admins" group but on the ixl0 interface, this specific flow will not match this particular policy.

As another example, if you add an IP address, such as 192.168.10.11, and a MAC address, such as 8C:16:45:6C:77:BB, to the policy with a name Specific_IPandMAC, then the policy will only match if a device with MAC address 8C:16:45:6C:77:BB is assigned the 192.168.10.11 IP address. When this device connects to the network using a different IP address, Specific_IPandMAC policy is not applied to its network packets.

In other words, if you specify multiple criteria for a policy, the policy is only applied to network packets that meet all of the criteria specified in the policy.
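The AND matching described in the reply above, as an added Python sketch that is not part of the original post and is not Zenarmor code. The `Flow` and `Policy` classes, the policy names `Admins_em0` and `VLAN50_only`, and the sample flows are hypothetical; the model assumes a criterion left empty places no restriction on the flow.

```python
# Added illustration of AND-combined policy criteria (hypothetical model, not Zenarmor code).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Flow:
    src_ip: str
    mac: str
    interface: str
    vlan: Optional[int] = None
    group: Optional[str] = None

@dataclass(frozen=True)
class Policy:
    name: str
    network: Optional[str] = None    # CIDR block or single address
    mac: Optional[str] = None
    interface: Optional[str] = None
    vlan: Optional[int] = None
    group: Optional[str] = None

    def matches(self, flow: Flow) -> bool:
        # Assumption: a criterion left unset does not restrict the flow.
        checks = []
        if self.network is not None:
            checks.append(ip_address(flow.src_ip) in ip_network(self.network, strict=False))
        if self.mac is not None:
            checks.append(flow.mac.lower() == self.mac.lower())
        if self.interface is not None:
            checks.append(flow.interface == self.interface)
        if self.vlan is not None:
            checks.append(flow.vlan == self.vlan)
        if self.group is not None:
            checks.append(flow.group == self.group)
        # Every configured criterion must hold (logical AND).
        return all(checks)

# Policies modelled on the examples in the reply above.
admins = Policy("Admins_em0", network="10.0.0.0/24", interface="em0", group="Admins")
ip_mac = Policy("Specific_IPandMAC", network="192.168.10.11", mac="8C:16:45:6C:77:BB")
vlan50 = Policy("VLAN50_only", vlan=50)

# Constructed sample flows.
admin_on_ixl0 = Flow("10.0.0.7", "00:11:22:33:44:55", "ixl0", group="Admins")
admin_on_em0 = Flow("10.0.0.7", "00:11:22:33:44:55", "em0", group="Admins")
device_new_ip = Flow("192.168.10.50", "8c:16:45:6c:77:bb", "em0")
vlan50_flow = Flow("10.50.0.9", "00:11:22:33:44:66", "em1", vlan=50)
```

In this model `vlan50.matches(vlan50_flow)` is true with only the VLAN field set, while `admins.matches(admin_on_ixl0)` is false because the interface criterion fails even though the network and group match.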

Quote from: sy on July 31, 2023, 02:45:17 PM
One of them is enough. You can select the interface to apply or just write VLAN ID in the VLAN field. You don't need to add both of them.

Thank you! Also the rest of the info is very helpful.

Any chance the "one of them is enough" can be added to the guide on setting policies up - then dumb people like me won't have to ask the question again :)

Hi,

Thanks for the feedback. I'm going to forward it to the documentation team.