Cisco IOS release 12.4(6)T introduced a new feature called Zone Based Policy Firewall (ZFW). Prior to this, Cisco provided CBAC (Context Based Access Control list), in which the policy was applied to a specific interface. In ZFW, policies are configured for zones and mapped to specific interfaces through zone membership: an interface must first be made part of a zone, and once that is done, the policies defined for the zone are applied.
Rules For ZFW
1. A zone needs to be configured before it is assigned to any interface.
2. As on a firewall, an interface cannot participate in multiple zones.
3. By default, all traffic from one zone to another zone is blocked, but traffic within a zone is permitted.
4. If an interface does not participate in any ZFW policy, it works as a regular port.
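The four rules above, shown as an added configuration sketch that is not part of the original post. The zone names, class-map and policy-map names, and interface numbers are assumptions chosen for illustration.

```cisco
! Constructed example: all names and interface numbers are assumptions.
!
! Rule 1: define the zones before any interface refers to them.
zone security INSIDE
zone security OUTSIDE
!
! Classify the traffic that INSIDE hosts may send to OUTSIDE.
class-map type inspect match-any CM-INSIDE-TO-OUTSIDE
 match protocol tcp
 match protocol udp
 match protocol icmp
!
! Inspect the matched traffic statefully and drop everything else.
policy-map type inspect PM-INSIDE-TO-OUTSIDE
 class type inspect CM-INSIDE-TO-OUTSIDE
  inspect
 class class-default
  drop
!
! Rule 3: traffic between zones stays blocked until a zone-pair
! with a policy exists for that direction. No OUTSIDE-to-INSIDE pair
! is defined here, so only return traffic of inspected sessions
! is allowed back in.
zone-pair security ZP-INSIDE-TO-OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect PM-INSIDE-TO-OUTSIDE
!
! Rule 2: each interface is a member of exactly one zone.
interface GigabitEthernet0/0
 description LAN side
 zone-member security INSIDE
!
interface GigabitEthernet0/1
 description WAN side
 zone-member security OUTSIDE
!
! Rule 4: no zone-member command here, so this interface is not
! part of any ZFW policy.
interface GigabitEthernet0/2
 description Not a zone member
```

After applying a configuration like this, `show zone security` and `show zone-pair security` confirm which interfaces belong to which zone and which policy is attached to each pair.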
regards
shivlu jain
Tuesday, May 19, 2009
Zone Based Firewall