Cisco IOS Zone Based Firewall is a router-based firewall solution that runs on Cisco IOS routers. A firewall protects a network from external threats by enforcing access policies between different security domains. Cisco IOS Zone Based Firewall was introduced in IOS Release 12.4(6)T as a replacement for the earlier Cisco Context-Based Access Control (CBAC) firewall. It supports stateful inspection as well as application inspection and control from OSI Layer 3 to Layer 7, and it can monitor application layer protocols for compliance with RFC standards.
Cisco IOS Zone Based Firewall is an option when an organization does not have the budget for a separate ASA firewall but does have an ISR (Integrated Services Router, for example Cisco 3900 Series or 2900 Series) that is not overloaded and has some unused interfaces.
The main differences between Cisco IOS Zone Based Firewall and Cisco Context-Based Access Control (CBAC) firewalls are as follows.
| IOS Zone Based Firewall | Context-Based Access Control (CBAC) Firewalls |
|---|---|
| Zone Based Configuration | Interface Based Configuration |
| Available from IOS 12.4(6)T | Available from IOS 11.2 |
| Application Inspection and Control is supported | Application Inspection and Control is not supported |
| Uses Cisco Common Classification Policy Language (C3PL) | Uses inspect statements and stateful ACLs |
If you are looking for an in-depth Cisco IOS Zone Based Firewall guide, download it from the link below.
Cisco IOS Zone Based Firewall guide