Zone-based IOS firewall

February 21, 2011

Starting with IOS 12.4(6)T Cisco introduced the Zone-Based Policy Firewall in all the IOS with an advanced feature set. This new configuration model allows the router’s administrator to define security zones, assign interfaces to zones, apply security policies between zones as he would have done on a Juniper firewall or on a Cisco ASA.

With CBAC stateful inspection was done on interface level. Now with zone-based firewalls, the inspection is done based on zone pairs (source and destination zones).

Here is an over-simplified exemple [Read more]

Filed Under Networking, Security · Leave a Comment

Recent Posts

Recent Comments
- Karthik: Chris Thanks for posting a excellent document on ACE code upgrade, probably Cisco should take this and...
- Fransisku: This is the Best Tech brief i ever read, Cisco docs are not this much informative. Thanks again…...
- Shanthi: Good Document.
- Krishna: Christophe, I am a Network Engineer and this is by far the best document I have come cross in internet about...
- Christophe Lemaire: Hi Ezechiel, DHCP servers on Cisco routers are not able to synchronize their DHCP leases...

Zone-based IOS firewall (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

Recent Posts

Recent Comments

Cumulus

Zone-based IOS firewall