Configuring Zone-Based Policy Firewall
ZFW does not use the classical CBAC ip audit command set. ZFW behavior are configured with the new Cisco
Policy Language (CPL), which employs a hierarchical anatomy to ascertain analysis for arrangement protocols and the
groups of hosts to which the analysis will be applied. Note that the two agreement models (Classical CBAC
and new ZFW) can be acclimated accordingly on the aforementioned router; however, they cannot be accumulated on the same
interface overlapping anniversary other. An interface cannot be configured as a area affiliate and be configured for ip
inspect simultaneously.
Note
It is important to accept that ZFW absolutely changes the agreement syntax for Cisco IOS
Firewall stateful inspection, as compared to Classical CBAC.