Sep 30 2011   1:23PM GMT

Cisco’s New Zone-Based Firewall

Joshua Wood

Hi all, Cisco has, not so recently, come out with a new firewall solution for their routers. I guess they felt that the IOS firewall feature set was getting a little old and so they needed something fresh. Zone-Based Firewall, or ZFW, is what they seem to have come up with, and I must say it is pretty nice.

With routers getting more and more ports these days, it makes sense that somewhere along the line you would get tired of putting ports that are essentially in the same security zone on their own little islands, just to break out and visit the next-door neighbors that they were supposed to have access to anyway. Enter ZFW to help out. Essentially, you create a class of access over, let’s say, port 25; then you create a zone, let’s say Mail; then you create a zone-pair that defines the direction of traffic, let’s say Internet to Mail; and finally you define which ports on your router are in which zones. All interfaces tagged with the zone Mail can inherently talk to each other, and all interfaces tagged with Internet can talk to each other, but only what is defined on a zone-pair allows traffic to cross zones. It is pretty cool, check it out.
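The steps above, written out as an IOS configuration sketch. This is an added example, not configuration from the original post; the class, policy and zone-pair names and the interface numbers are assumptions. It also shows the policy-map, which ties the class to an action and is what gets attached to the zone-pair.

```cisco
! Added example; all names and interface numbers below are hypothetical.
!
! 1. Class of access: SMTP (TCP port 25).
class-map type inspect match-any CM-SMTP
 match protocol smtp
!
! 2. Policy: statefully inspect the SMTP class, drop and log the rest.
policy-map type inspect PM-INTERNET-TO-MAIL
 class type inspect CM-SMTP
  inspect
 class class-default
  drop log
!
! 3. Zones.
zone security INTERNET
zone security MAIL
!
! 4. Zone-pair: one direction only, Internet to Mail.
!    "inspect" lets return traffic for those sessions back through.
!    No MAIL-to-INTERNET zone-pair is defined here, so sessions started
!    from the Mail zone toward the Internet are dropped.
zone-pair security ZP-INTERNET-MAIL source INTERNET destination MAIL
 service-policy type inspect PM-INTERNET-TO-MAIL
!
! 5. Zone membership for the router interfaces.
interface GigabitEthernet0/0
 description Uplink to ISP
 zone-member security INTERNET
!
interface GigabitEthernet0/1
 description Mail server segment A
 zone-member security MAIL
!
! A second interface in MAIL reaches GigabitEthernet0/1 without a zone-pair.
interface GigabitEthernet0/2
 description Mail server segment B
 zone-member security MAIL
```

`show zone-pair security` and `show policy-map type inspect zone-pair` list the pairs and the per-class counters, which is a quick way to confirm that the drop rule is catching what you expect.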

Zone-Based Policy Firewall:

Until next time,
TechStop (JW)
