Tuesday, May 19, 2009

Zone Based Firewall

Cisco IOS release 12.4(6)T introduced a new feature called Zone Based Policy Firewall (ZFW). Prior to this, Cisco provided CBAC (Context-Based Access Control), in which the policy was applied to a specific interface. In ZFW, policies are defined for zones. An interface needs to be made a member of a zone; once that is done, the policies defined for the zone are used.

Rules For ZFW
1. A zone needs to be configured before it is assigned to any interface.
2. As on a firewall, an interface cannot participate in multiple zones.
3. By default, all traffic from one zone to another zone is blocked, but traffic within a zone is permitted.
4. If an interface does not participate in any ZFW policy, it works as a regular port.
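
The following configuration sketch is an added example, not part of the original post, showing rules 1 to 3 in IOS syntax. The zone, class-map, policy-map and zone-pair names and the interface numbers are assumptions chosen for illustration.

```cisco
! Constructed example: all names and interface numbers are assumptions.
! Rule 1: create the zones before referencing them on any interface.
zone security INSIDE
zone security OUTSIDE
!
! Traffic to be allowed from INSIDE to OUTSIDE.
class-map type inspect match-any CM-OUTBOUND
 match protocol http
 match protocol https
 match protocol dns
!
! Inspect matched traffic so return packets are allowed; drop and log the rest.
policy-map type inspect PM-IN-TO-OUT
 class type inspect CM-OUTBOUND
  inspect
 class class-default
  drop log
!
! Rule 3: inter-zone traffic is blocked until a zone-pair carries a policy.
! No pair is defined for OUTSIDE to INSIDE, so sessions initiated
! from OUTSIDE remain blocked.
zone-pair security ZP-IN-TO-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-TO-OUT
!
! Rule 2: each interface takes exactly one zone-member statement.
interface GigabitEthernet0/0
 zone-member security INSIDE
!
interface GigabitEthernet0/1
 zone-member security OUTSIDE
```

Zone membership and the attached policy can be checked afterwards with `show zone security` and `show zone-pair security`.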

regards
shivlu jain
