Hi all, Cisco has not so recently come out with a new firewall solution for their routers. I guess their felt that the IOS firewall feature set was getting a little old and so they needed something fresh. Zone-based Firewall or ZFW is what they seem to have come up with and I must say it is pretty nice.
With routers getting more and more ports these days it makes sense that somewhere along the line you would tired of putting ports that are essentially in the same security zone in their own little island just to break out to visit the next door neighbors that they were supposed to have access to anyway. Enter ZFW to help out. Essentially you create a class of access over let’s say port 25 and then you create a zone of let’s say mail then you create a zone-pair that define the direction of traffic let’s say Internet to Mail and finally you define which ports you router are in which zones. All interfaces that are tagged with the zone Mail can inherently talk to each other and each interface tagged with Interent can talk to each other but only defined accretions in zone-pair allow traffic to cross zones. It is pretty cool, check it out.
Zone-Based Policy Firewall: http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a008060f6dd.html
Until next time,