Configure Device and Interface Preferences

To customize the violation results, you can specify how each device relates to the network zones. For each device interface, SecureTrack finds the security zone that contains the IP address of the interface and associates that zone with the interface. In addition to the IP address match, SecureTrack also uses routing tables to associate the zones with interfaces. To customize the associations of interfaces and zones, you can edit the USP preferences and select the zones for each interface. You can also exclude specific devices from all Unified Security Policy (USP) calculations.

The internet zone is not automatically associated with any interfaces. To associate the internet zone with interfaces, edit the USP preferences.

You can specify:

  • AWS devices: The zones that a subnet can reach

  • All other devices: The zones to which an interface leads

Note: IPv6 is not supported for this TOS feature.

To exclude devices from a security zone

  1. Go to the listing of your security zones.

  2. Select a security zone matrix.

  3. Click Preferences.

    The Unified Security Policy Preferences dialog is displayed.

  4. Select the device from the device tree.

  5. Select Do not include this device in calculations.

  6. Click Done.

Repeat these steps for each device you wish to exclude.

To indicate that a specific device interface leads to a specific zone

  1. Go to the listing of your security zones.

  2. Select a security zone matrix.

  3. Click Preferences.

    The Unified Security Policy Preferences dialog is displayed.

  4. Select the device from the device tree.

  5. Select the interface to customize and click Edit to edit the interface.

  6. Add or remove zones from the interface.

  7. Click Save.

  8. Click Done.

Repeat these steps for each device you wish to customize.
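The following is an added example, not SecureTrack code: a simplified Python model of the association rules described above, useful for reviewing offline which interfaces will need a manual zone in the USP preferences. The zone names, subnets, device names and function names are constructed for illustration; routing-table matching is not modeled, and returning every zone whose subnet contains the address is an assumption.

```python
import ipaddress

INTERNET = "Internet"  # assumed zone name; never auto-associated in this model

# Constructed sample data, not from a real deployment.
ZONES = {"DMZ": ["10.10.0.0/16"], "Internal": ["192.168.0.0/16"], INTERNET: []}
INTERFACES = [
    ("fw-edge", "eth0", "203.0.113.1"),
    ("fw-edge", "eth1", "10.10.0.1"),
    ("fw-core", "eth0", "192.168.1.1"),
    ("fw-lab", "eth0", "10.10.5.1"),
]
OVERRIDES = {("fw-edge", "eth0"): {INTERNET}}  # zones set manually per interface
EXCLUDED = {"fw-lab"}                          # devices left out of calculations


def auto_zones(ip, zones):
    """Zones whose subnets contain the interface IP (IP match only)."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        return []  # IPv6 is not supported for this feature
    return sorted(
        name for name, subnets in zones.items()
        if name != INTERNET
        and any(addr in ipaddress.ip_network(s) for s in subnets)
    )


def effective_zones(device, iface, ip, zones, overrides, excluded):
    """None for an excluded device, else the manual zones or the IP match."""
    if device in excluded:
        return None
    if (device, iface) in overrides:
        return sorted(overrides[(device, iface)])
    return auto_zones(ip, zones)


def review(interfaces, zones, overrides, excluded):
    """Map (device, interface) to its effective zone list."""
    return {
        (dev, ifc): effective_zones(dev, ifc, ip, zones, overrides, excluded)
        for dev, ifc, ip in interfaces
    }


if __name__ == "__main__":
    for key, zones in review(INTERFACES, ZONES, OVERRIDES, EXCLUDED).items():
        print(key, "excluded" if zones is None else zones or "NO ZONE")
```

An interface that comes back with an empty list has no zone from the IP match and is a candidate for a manual association.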