This chapter covers the following topics:
Cisco IOS Zone-Based Firewalls
Configuring and verifying Cisco IOS Zone-Based Firewalls
Cisco has implemented a stateful firewall feature set in Cisco IOS Software called zone-based firewall (ZBF). Its predecessor, context-based access control (CBAC), provided basic firewall features in Cisco IOS Software. ZBF allows the administrator to configure more granular firewall policies and introduces a default deny-all policy that prohibits traffic between firewall security zones until an explicit policy is configured. This chapter covers understanding and implementing the ZBF feature on an IOS-based router.