https://community.cisco.com/t5/network-security/zone-base-firewall-design-question/m-p/1498931#M662414 <P>Hi all,</P><P></P><P></P><P>I am planning to use ZBFW in my network but I face a problem with "extending the legs" for ZBFW. I have two router, Router A&nbsp; is a L3 switch and is configured with all the IPs, Vlans and current ACL list. Router B will be added to the existing topology and configured with ZBFW. All Traffic is expected to flow through Router B before reaching Router A. </P><P></P><P>Once I have created the different zone on router B, how can I apply this configuration so that I can control traffic between different vlans in router A??? As the documentation from cisco, as I understand cisco expect all the invidual vlans and zone base configuration should be on the same router and not separate.</P><P></P><P><A href="http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml</A></P><P></P><P>Thank you very much in advance.</P><P></P><P>Mike.</P> Mon, 11 Mar 2019 18:04:26 GMT ytlee80 2019-03-11T18:04:26Z https://community.cisco.com/t5/network-security/zone-base-firewall-design-question/m-p/1498931#M662414 <P>Hi all,</P><P></P><P></P><P>I am planning to use ZBFW in my network but I face a problem with "extending the legs" for ZBFW. I have two router, Router A&nbsp; is a L3 switch and is configured with all the IPs, Vlans and current ACL list. Router B will be added to the existing topology and configured with ZBFW. All Traffic is expected to flow through Router B before reaching Router A. </P><P></P><P>Once I have created the different zone on router B, how can I apply this configuration so that I can control traffic between different vlans in router A??? As the documentation from cisco, as I understand cisco expect all the invidual vlans and zone base configuration should be on the same router and not separate.</P><P></P><P><A href="http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml</A></P><P></P><P>Thank you very much in advance.</P><P></P><P>Mike.</P> Mon, 11 Mar 2019 18:04:26 GMT https://community.cisco.com/t5/network-security/zone-base-firewall-design-question/m-p/1498931#M662414 ytlee80 2019-03-11T18:04:26Z https://community.cisco.com/t5/network-security/zone-base-firewall-design-question/m-p/1498932#M662459 <HTML><HEAD></HEAD><BODY><P>Mike,</P><P></P><P>I'm slightly confused about the topology based on your description below.&nbsp; Please confirm if this is indeed your topology:</P><P></P><P>ClientVlanX -&gt; Router A (L3 Switch) -&gt; Router B (with ZBF) -&gt; Internet</P><P>ClientVlanY-&gt;</P><P></P><P>If you trunk the link between Router A and Router B, to include multiple Vlans (ie X and Y), you can configure sub-interfaces on the Router B.&nbsp; With the sub-interfaces, you can assign each sub-interface to a different zone.&nbsp; You would then specify different zone policies that define what traffic is allowed between ZoneXY and ZoneYX.</P><P></P><P>If this doesn't completely answer your question, please provide me more information about your topology and requirements and I'll do what I can assist.</P><P></P><P>Best Regards,</P><P>Kevin</P></BODY></HTML> Fri, 02 Jul 2010 17:50:16 GMT https://community.cisco.com/t5/network-security/zone-base-firewall-design-question/m-p/1498932#M662459 Kevin Redmon 2010-07-02T17:50:16Z https://community.cisco.com/t5/network-security/zone-base-firewall-design-question/m-p/1498933#M662500 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>thanks for the insight. i think its the correct way to do it.</P></BODY></HTML> Tue, 06 Jul 2010 03:53:05 GMT https://community.cisco.com/t5/network-security/zone-base-firewall-design-question/m-p/1498933#M662500 ytlee80 2010-07-06T03:53:05Z