Cisco Learning Home > CCIE Security Study Group > Discussions
6828 Views, 6 Replies. Latest reply: May 20, 2010 8:47 AM by swapneswar.panda

Zone based firewall

May 20, 2010 7:14 AM

swapneswar.panda 103 posts since
Jan 4, 2009

Guys,

Can anyone brief me: what is a Zone Based Firewall?

How does it work, and where can we best implement it?

Thanks

swapneswar

  • Keith Barker - CCIE RS/Security, CISSP 5,351 posts since
    Jul 3, 2009
    1. May 20, 2010 7:40 AM (in response to swapneswar.panda)
    Re: Zone based firewall

    Hello -

    This explains the concept, and a quick overview of how it is configured.

    Zone Based Firewall blocks all traffic trying to go through the IOS router configured as a zone based firewall.

    Specific policies allow the traffic you want (from users on your internal network) to go to the outside untrusted networks, and remember it, so that the return traffic for those users is allowed back to the user. At the same time, any unknown traffic trying to get in from the outside will be denied.

    Best wishes,

    Keith
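A minimal IOS zone based firewall configuration that produces the behaviour Keith describes (everything through the router blocked, inside users allowed out with their return traffic remembered, unsolicited inbound traffic denied). This is an added example, not configuration from the thread; the zone names, interface numbers, addresses (RFC 5737 documentation ranges), internal subnet and protocol list are assumptions.

```cisco
! Added example, not from the original thread. Zone names, interfaces,
! addresses, internal subnet and the protocol list are assumptions.
!
! 1. Define the zones. Traffic between a zone member and an interface that is
!    in no zone, or between two zones that have no zone-pair, is dropped.
zone security INSIDE
zone security OUTSIDE
!
! 2. Put each interface in a zone. Traffic to or from the router itself lives
!    in the implicit "self" zone and stays permitted unless a zone-pair that
!    involves "self" is configured (a common surprise on first deployment).
interface GigabitEthernet0/0
 description Trusted LAN
 ip address 192.168.1.1 255.255.255.0
 zone-member security INSIDE
!
interface GigabitEthernet0/1
 description Untrusted ISP link
 ip address 203.0.113.2 255.255.255.252
 zone-member security OUTSIDE
!
! 3. Describe the traffic we want to let out: only from the internal subnet,
!    and only the listed application protocols (match-all = both conditions).
ip access-list extended INSIDE-NETS
 permit ip 192.168.1.0 0.0.0.255 any
!
class-map type inspect match-any WEB-DNS-ICMP
 match protocol http
 match protocol https
 match protocol dns
 match protocol icmp
!
class-map type inspect match-all IN-TO-OUT-TRAFFIC
 match access-group name INSIDE-NETS
 match class-map WEB-DNS-ICMP
!
! 4. "inspect" creates a stateful session entry for each matching flow, so the
!    return traffic is allowed back without any policy in the other direction.
!    Anything else leaving INSIDE is dropped and logged.
policy-map type inspect IN-TO-OUT-POLICY
 class type inspect IN-TO-OUT-TRAFFIC
  inspect
 class class-default
  drop log
!
! 5. Apply the policy in one direction only. No OUTSIDE -> INSIDE zone-pair is
!    defined, so unsolicited traffic arriving from the outside is denied.
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect IN-TO-OUT-POLICY
!
! Verification (exec mode): list zone-pairs, then watch the remembered sessions
! populate as inside hosts browse.
! show zone-pair security
! show policy-map type inspect zone-pair IN-OUT sessions
```

If you later need to publish an internal server, the fix is a second, deliberately narrow zone-pair (OUTSIDE to INSIDE) with its own class-map and policy, not a relaxation of IN-TO-OUT-POLICY; the absence of that reverse zone-pair is what provides the default inbound deny.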

     

     

  • Keith Barker - CCIE RS/Security, CISSP 5,351 posts since
    Jul 3, 2009
    3. May 20, 2010 8:05 AM (in response to swapneswar.panda)
    Re: Zone based firewall

    Hi Keith,

    It is nice to get a reply from you. So can you clarify one thing: can I configure the ASA for a zone based firewall, or is it applicable only to a router which contains the IOS firewall?

    Thanks

    swapneswar

    Zone Based Firewall implementation is only on an IOS router.

    The ASA appliance (5500 series firewall appliance) does stateful inspection ("hand stamping") by default, and has a different command set altogether.

    Keith

  • Keith Barker - CCIE RS/Security, CISSP 5,351 posts since
    Jul 3, 2009
    5. May 20, 2010 8:35 AM (in response to swapneswar.panda)
    Re: Zone based firewall

    The specific words "Zone Based Firewall" refer to the configuration that would be done on an IOS router.

    An ASA is a dedicated firewall. The ASA needs to be configured with IP addresses, NAT, routing, etc. for it to work correctly. By default the ASA appliance considers the inside interface to be the trusted network, and the outside interface to be the untrusted network. These trusted and untrusted networks could be considered "zones" in that respect. On the ASA we would define the "zones" by associating security levels with each interface. The configuration of the ASA is significantly different from the IOS router configuration of "zone based firewall" (which, again, used in that context, is a term associated only with the IOS router).

    Keith
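To make the contrast concrete, here is the ASA side of what Keith describes: interface security levels standing in for zones, and the default stateful behaviour that follows from them. This is an added example, not configuration from the thread; the interface names, addresses (RFC 5737 documentation ranges), the published server address and the ACL name are assumptions, and the NAT and routing configuration the ASA also needs is omitted.

```cisco
! Added example, not from the original thread. Interface names, addresses,
! the server address and the ACL name are assumptions; NAT and routing omitted.
!
! On the ASA a "zone" is expressed as a security level on the interface.
! Higher level = more trusted.
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.252
!
! Default behaviour with no access-list applied to either interface:
!  - inside (100) -> outside (0): permitted, and the connection is tracked
!    statefully, so the reply is allowed back (the "hand stamp").
!  - outside (0)  -> inside (100): denied unless an ACL applied inbound on the
!    outside interface explicitly permits it.
!  - two interfaces at the same level cannot talk at all unless
!    "same-security-traffic permit inter-interface" is configured.
!
! Explicit inbound exception for one published HTTPS server. On ASA 8.3 and
! later the ACL references the server's real (pre-NAT) address.
access-list OUTSIDE-IN extended permit tcp any host 192.168.1.10 eq 443
access-group OUTSIDE-IN in interface outside
!
! Verification (exec mode): interface-to-level mapping, then the live
! connection table that provides the stateful return-traffic behaviour.
! show nameif
! show conn
```

Note that applying OUTSIDE-IN does not change the inside-to-outside direction; an ACL on the ASA only governs the interface and direction it is attached to, which is why the lower-to-higher default deny remains in force for everything the ACL does not list.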
