Zone-Based Policy Overview
Before the ZFW was introduced, the Cisco IOS Firewall offered stateful inspection using the CBAC feature. CBAC
was covered in detail in the previous sections of this chapter.
In the recent releases of Cisco IOS Software from Version 12.4(6)T and later, the CBAC model is being replaced
with the new configuration model that uses ZFW.
This new feature was added mainly to overcome the limitations of the CBAC that was employing stateful
inspection policy on an interface-based model. To be specific, the limitation was that all traffic passing through
the interface was subject to the same inspection policy, thereby limiting the granularity and policy enforcement,
particularly in scenarios where multiple interfaces existed.
With ZFW, stateful inspection can now be applied on a zone-based model. Interfaces are assigned to zones, and
policy inspection is applied to traffic moving between zones. This feature provides more granularity,
flexibility, scalability, and an easy-to-use zone-based security approach. With a zone-based inspection model,
varying interzone policies can be applied to multiple hosts or groups of hosts connected to the same interface.
Tip
The following Cisco whitepaper URL provides more details on the conceptual difference between Cisco
IOS Classic and ZFW features:
www.cisco.com/en/US/products/sw/secursw/ps1018/products_white_paper0900aecd806f31f9.shtml.
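The contrast between the interface-based CBAC model and the zone-based model described above, as an added configuration example that is not taken from the original chapter. All zone, policy, ACL and interface names and all addresses are constructed for illustration; the two halves are alternatives, because an interface cannot be a zone member and carry an ip inspect rule at the same time.

```cisco
! --- Classic CBAC (interface-based), constructed names ---
! One inspection rule is bound to the interface, so every flow
! leaving FastEthernet0/1 gets the same inspection policy.
ip inspect name CBAC-RULE tcp
ip inspect name CBAC-RULE udp
interface FastEthernet0/1
 ip inspect CBAC-RULE out
!
! --- ZFW (zone-based), constructed names ---
! 1. Define zones and assign interfaces to them.
zone security INSIDE
zone security OUTSIDE
interface FastEthernet0/0
 zone-member security INSIDE
interface FastEthernet0/1
 zone-member security OUTSIDE
!
! 2. Two groups of hosts behind the same INSIDE interface.
ip access-list extended ACL-ADMINS
 permit ip 10.1.1.0 0.0.0.15 any
ip access-list extended ACL-USERS
 permit ip 10.1.1.0 0.0.0.255 any
!
! 3. Classify traffic per host group and protocol.
class-map type inspect match-any CM-ANY-L4
 match protocol tcp
 match protocol udp
 match protocol icmp
class-map type inspect match-all CM-ADMINS
 match access-group name ACL-ADMINS
 match class-map CM-ANY-L4
class-map type inspect match-all CM-USERS-WEB
 match access-group name ACL-USERS
 match protocol http
!
! 4. Classes are evaluated in order: admins match first and get
!    full stateful inspection, other users get HTTP only, the rest drops.
policy-map type inspect PM-IN-TO-OUT
 class type inspect CM-ADMINS
  inspect
 class type inspect CM-USERS-WEB
  inspect
 class class-default
  drop
!
! 5. The policy applies to a direction between zones, not to an interface.
zone-pair security ZP-IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-TO-OUT
```

No zone-pair is defined from OUTSIDE to INSIDE, so only return traffic for inspected sessions is admitted in that direction.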