Posted by: Yasir Irfan
ASA/PIX, Basic Firewall, Cisco, Cisco ASA, Cisco IOS, Cisco IOS Firewall, Routers, ZFW
Guess what your Routers support zone-based policies, which really helps with multi-interface restrictions (rather than just one outside & one inside interface with individual access list applications). Likewise, it now supports application inspection to catch those scandalous peer-to-peer programs.
Cisco IOS® Software Release 12.4(6)T introduced Zone-Based Policy Firewall (ZFW), a new configuration model for the Cisco IOS Firewall feature set. This new configuration model offers intuitive policies for multiple-interface routers, increased granularity of firewall policy application, and a default deny-all policy that prohibits traffic between firewall security zones until an explicit policy is applied to allow desirable traffic. For more details do access this document from Cisco.