Chapter 15. Implementing Cisco IOS Zone-Based Firewalls

This chapter covers the following topics:

Cisco IOS Zone-Based Firewalls

Configuring and verifying Cisco IOS Zone-Based Firewalls

Cisco has implemented a stateful firewall feature set in Cisco IOS Software called zone-based firewall (ZBF). ZBF has a predecessor called the context-based access control (CBAC), which provided basic firewall features in Cisco IOS Software. ZBF allows the administrator to configure more granular firewall policies and introduces a default deny-all policy that prohibits traffic between firewall security zones until an explicit policy is configured. This chapter is all about understanding and implementing the ZBF feature on an IOS-based router.