Zone-Based Policy Firewall (ZFW)
The new ZFW affection was alien in Cisco IOS Software Release 12.4(6)T for the added Cisco IOS
Firewall affection set.
All appearance from above-mentioned to IOS Software Release 12.4(6)T are across-the-board in this new accomplishing and are
supported in the new zone-based inspection.
ZFW supports the afterward features:
Stateful packet Analysis (SPI)
VRF-aware Cisco IOS Firewall
URL filtering
Denial-of-service (DoS) mitigation
More ZFW appearance were added into Cisco IOS Software Release 12.4(9)T for per-class session/connection and
throughput limits, as able-bodied as appliance analysis and control:
HTTP
Post Office Protocol (POP3)
Internet Mail Access Protocol (IMAP)
Simple Mail Transfer Protocol and Added Simple Mail Transfer Protocol (SMTP/ESMTP)
Sun Remote Procedure Call (RPC)
Instant Messaging (IM) applications, including Microsoft Messenger (MSN), Yahoo Messenger, and AOL
Instant Messenger
Peer-to-peer (P2P) book sharing, including Bittorrent, KaZaA, Gnutella, and eDonkey
Note
Stateful analysis for multicast cartage is not accurate in ZFW or bequest archetypal Firewall CBAC.