You can add an interface to one L2 or L3 security zone when creating or editing the corresponding network interface. Before adding an interface to a security zone, make sure that the relevant zones have been created.
The device receives from the global configuration only those zones to which its interfaces have been added.
All Kaspersky NGFW security functions that you configured for the corresponding type of security zone (L2 or L3) can be applied to traffic received on the device. This means that you can configure the processing of traffic arriving at L2 and L3 interfaces without having to make changes to your corporate network infrastructure.
If a rule uses a zone to which no interface has been added, the rule is ignored on the device. Policies that use such zones are no longer synchronized with the device.
Security rules are applied to transmitted traffic only if the traffic remains confined to security zones of one type (L2 or L3).
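The two conditions above mean a rule can exist in a policy and still have no effect on a device. The following audit is an added example, not Kaspersky NGFW code or an export format: the zone, interface and rule structures and every name in them are constructed, and treating a rule whose source and destination zones differ in type as never applied is this example's reading of the one-type statement.

```python
# Added example. The data model is hypothetical, not a Kaspersky NGFW format.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str


# Constructed sample data: global zones and their type.
ZONES = {"users": "L3", "servers": "L3", "dmz": "L3", "tap-in": "L2", "tap-out": "L2"}

# Constructed sample data: interface -> zone per device (one zone per interface).
DEVICE_INTERFACES = {
    "fw-branch": {"eth0": "users", "eth1": "servers", "eth2": "tap-in"},
}

RULES = [
    Rule("allow-users-to-servers", "users", "servers"),
    Rule("block-users-to-dmz", "users", "dmz"),    # dmz has no interface here
    Rule("inspect-tap", "tap-in", "tap-out"),      # tap-out has no interface here
    Rule("users-to-tap", "users", "tap-in"),       # mixes an L3 and an L2 zone
]


def audit_device(device, zones=ZONES, interfaces=DEVICE_INTERFACES, rules=RULES):
    """Return {rule name: reason} for rules that will not take effect on device."""
    # Zones the device actually receives: those holding one of its interfaces.
    present = set(interfaces.get(device, {}).values())
    unknown = present - zones.keys()
    if unknown:
        raise ValueError(f"interfaces reference undefined zones: {sorted(unknown)}")
    findings = {}
    for rule in rules:
        used = (rule.src_zone, rule.dst_zone)
        missing = sorted({z for z in used if z not in present})
        if missing:
            findings[rule.name] = f"ignored: no interface in zone(s) {', '.join(missing)}"
        elif len({zones[z] for z in used}) > 1:
            findings[rule.name] = "never applied: zones of different types (L2 and L3)"
    return findings


if __name__ == "__main__":
    for name, reason in audit_device("fw-branch").items():
        print(f"{name}: {reason}")
```

Running such a check before relying on a policy surfaces block rules that are silently inactive on a given device.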
You can add an interface to an L2 security zone if the interface satisfies all of the following conditions:
If you have added an interface to an L2 security zone, you cannot change its settings described above (for example, change its type or role, move it to another virtual routing and forwarding table, add subinterfaces).
Security zone selection is not available for the following interfaces:
The following additional restrictions apply: