Cisco has released a Zone-Based Firewall in its new routers. If you have purchased a security license for your router, you can enable the firewall function.
The Zone-Based Firewall works differently from the traditional ASA. You assign different interfaces to different zones, then set up zone-pairs to define what traffic is allowed between those zones.
I knew nothing about the Cisco Zone-Based Firewall until recently, when I had to help a client migrate an old PIX to a zone-based firewall on a new 3900 series router. There were 6 physical interfaces and 12 sub-interfaces (using dot1q trunking) on the routers. As the client required a highly secured environment, I had to assign a zone to the different interfaces.
If you have worked on Cisco VoIP, you will be familiar with class-based QoS. Setting up the zone-based firewall is very similar to setting up a class-based policy for QoS.
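To make the QoS parallel concrete, here is a minimal two-zone configuration, added as an illustration and not taken from the client migration described above. The zone names, class/policy names, sub-interface numbers, VLAN IDs and the 192.0.2.0/24 documentation addresses are all assumptions.

```cisco
! Constructed example: every name, interface, VLAN and address is an assumption.
!
! 1. Define the zones.
zone security INSIDE
zone security DMZ
!
! 2. Classify traffic, the same way a QoS class-map does,
!    but with "type inspect".
class-map type inspect match-any CM-INSIDE-TO-DMZ
 match protocol http
 match protocol https
 match protocol dns
!
! 3. Attach an action to each class, the same way a QoS policy-map does.
!    "inspect" is stateful: return traffic for these sessions is allowed.
!    Everything else falls into class-default and is dropped and logged.
policy-map type inspect PM-INSIDE-TO-DMZ
 class type inspect CM-INSIDE-TO-DMZ
  inspect
 class class-default
  drop log
!
! 4. A zone-pair is one-directional. With no DMZ -> INSIDE pair defined,
!    sessions initiated from the DMZ toward INSIDE are dropped.
zone-pair security ZP-INSIDE-TO-DMZ source INSIDE destination DMZ
 service-policy type inspect PM-INSIDE-TO-DMZ
!
! 5. Put each (sub-)interface into a zone. An interface left out of every
!    zone cannot exchange traffic with interfaces that are in a zone.
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.0.2.1 255.255.255.128
 zone-member security INSIDE
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip address 192.0.2.129 255.255.255.128
 zone-member security DMZ
!
! Verify with:
!   show zone security
!   show policy-map type inspect zone-pair sessions
```

With many zones, as in a migration with a dozen or more sub-interfaces, each permitted direction between two zones needs its own zone-pair and policy, so it pays to write down the allowed flows as a matrix before configuring anything.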