https://community.cisco.com/t5/network-security/lost-in-firewall/m-p/1098577#M913596 <HTML><HEAD></HEAD><BODY><P>Zone-Based Policy Firewall (also known as Zone-Policy Firewall, or ZFW) changes the firewall configuration from the older interface-based model to a more flexible, more easily understood zone-based model. Interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones. Inter-zone policies offer considerable flexibility and granularity, so different inspection policies can be applied to multiple host groups connected to the same router interface</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml</A></P></BODY></HTML> Mon, 08 Sep 2008 12:50:20 GMT smahbub 2008-09-08T12:50:20Z https://community.cisco.com/t5/network-security/lost-in-firewall/m-p/1098576#M913592 <P></P><P>Hi,</P><P></P><P>Sorry for my bad English, I'm French.</P><P></P><P>I have great difficulties to understand and to modify the new firewall concept.</P><P>The zone things â&#128;¦</P><P>My router : C181X Software (C181X-ADVENTERPRISEK9-M), Version 12.4(9)T6</P><P></P><P>I only want a firewall that does:</P><P>Internal &gt; external</P><P>permit all traffic</P><P>Lan to lan VPN : </P><P>internal &lt;&gt; vpn : permit any any</P><P>External &gt; Internal and NAT:</P><P>Any &gt; 192.168.100.1 eq 11000, 8080, 443, 5307, 2022, 2021, 3389, 25</P><P></P><P>@IProuter: 192.168.100.99</P><P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/308184">@lan</a>: 192.168.100.0/24</P><P>@lanVpn: 192.168.2.0/24</P><P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/3915">@wan</a>: WAN</P><P>@wanVpn: VPN</P><P></P><P>Someone can tell me how the running config will look like with all these parameters?</P><P>With that I will understand I think.</P><P></P><P>Thx a lot.</P><P></P> Mon, 11 Mar 2019 13:38:55 GMT https://community.cisco.com/t5/network-security/lost-in-firewall/m-p/1098576#M913592 bsurace 2019-03-11T13:38:55Z https://community.cisco.com/t5/network-security/lost-in-firewall/m-p/1098577#M913596 <HTML><HEAD></HEAD><BODY><P>Zone-Based Policy Firewall (also known as Zone-Policy Firewall, or ZFW) changes the firewall configuration from the older interface-based model to a more flexible, more easily understood zone-based model. Interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones. Inter-zone policies offer considerable flexibility and granularity, so different inspection policies can be applied to multiple host groups connected to the same router interface</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml</A></P></BODY></HTML> Mon, 08 Sep 2008 12:50:20 GMT https://community.cisco.com/t5/network-security/lost-in-firewall/m-p/1098577#M913596 smahbub 2008-09-08T12:50:20Z