Management of ACLs is flexible, with configurable priority for dynamic ACLs. This includes ACLs inserted by internal and external applications, as well as those inserted using the CLI. The priority is assigned by a system of zones, and within zones by numeric codes.
Zones are of two types:
The priorities cannot be changed.
No configuration is allowed by the user into System Space.
Hal is the only application in a System Space zone.
User Space zones consist of default zones and created zones. Default zones group like functions and cannot be deleted.
The administrator has the ability to create new zones and configure the priority of both default and created zones. See Configuring User Zones for discussion of created zones and applications. Applications insert ACLs into zones.
To view both System Space and User Space zones, use the show access-list zone command.
Default Assignment and Priority of Applications, by Zone shows the priority of System Space zones and User Space zones together with the default assignments and priority of applications by zone.
| Zone/Default Application | Default Priority | Platform |
|---|---|---|
| SYSTEM SPACE ZONES | ||
| hal | 1 | |
| USER SPACE ZONES | ||
| DOS | 2 | |
| hal | 1 | All platforms |
| Dos | 2 | All platforms |
| SYSTEM | 3 | |
| Cli | 1 | All platforms |
| IpSecurity | 2 | All platforms |
| NetLogin | 6 | All platforms |
| SECURITY | 4 | |
| GenericXml (Allows configuration of one additional external application) | 4 | All platforms |
| SYSTEM SPACE ZONES | ||
| hal | 1 |
Note
The priority of static ACLs is determined by the order they are configured, with the first rule configured having the highest priority.