Zone Based Firewall

Cisco IOS release 12.4(6)T introduced a new feature called Zone Based Policy Firewall (ZFW). Prior to this, Cisco provided CBAC (Context Based Access Control list), in which the policy was applied to a specific interface, but in ZFW, policies are configured and mapped to the specific interfaces. In ZFW, an interface needs to be part of a zone; once that is done, the policies which are defined for the zone are used.

Rules For ZFW
1. A zone needs to be configured before it is assigned to any interface.
2. As on a firewall, an interface cannot participate in multiple zones.
3. By default, all traffic from one zone to another zone is blocked, but traffic within a zone is permitted.
4. If an interface does not participate in any ZFW policy, it works as a regular port.
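
The four rules above, shown as a minimal two-zone IOS configuration. This is an added example, not configuration from the original page; the zone names, class-map, policy-map and zone-pair names, and the interface numbers are all assumptions.

```ios
! Rule 1: create the zones before any interface references them
zone security INSIDE
zone security OUTSIDE
!
! Traffic that may leave INSIDE for OUTSIDE and is statefully inspected
class-map type inspect match-any CM-INSIDE-OUT
 match protocol tcp
 match protocol udp
 match protocol icmp
!
policy-map type inspect PM-INSIDE-OUT
 class type inspect CM-INSIDE-OUT
  inspect
 class class-default
  drop
!
! Rule 3: traffic between zones is blocked until a zone-pair carries a policy.
! Only INSIDE -> OUTSIDE is defined here, so sessions initiated from OUTSIDE
! remain blocked; return traffic of inspected sessions is allowed back in.
zone-pair security ZP-INSIDE-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-INSIDE-OUT
!
! Rule 2: each interface carries exactly one zone-member statement
interface GigabitEthernet0/0
 description LAN side (constructed example)
 zone-member security INSIDE
!
interface GigabitEthernet0/1
 description WAN side (constructed example)
 zone-member security OUTSIDE
!
! Rule 4: no zone-member statement here, so this interface is outside ZFW
! and behaves as a regular port. Note that IOS does not pass traffic
! between a zone-member interface and a non-member interface.
interface GigabitEthernet0/2
 description not in any zone (constructed example)
```

After applying a configuration like this, show zone security and show zone-pair security confirm the zone membership and the policy attached to each pair.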

