Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
370
Views
0
Helpful
1
Replies

CBAC in IOS-XE on ESR 6300

ronald loftus
Level 1
Level 1

‎10-03-2022 02:33 PM

Does IOS-XE 17.9.x still support the Stateful CBAC firewall features that use the IP INSPECT command set? This capability was available in IOS. We are transitioning from IOS to IOS-XE on edge router and are not seeing the same CLI commands for CBAC. Do we have to use ZBF?

0 Helpful
1 Reply 1

urathod
Cisco Employee
Cisco Employee

‎04-03-2023 03:46 AM

Hello Ronald,

 

IOS-XE 17.9.x still supports Stateful CBAC firewall features, but the configuration has changed from using the "IP INSPECT" command set to using the "Zone-Based Policy Firewall" (ZBF) command set.

ZBF is a more advanced and flexible firewall technology than CBAC, and it allows you to define policies based on zones rather than IP addresses. ZBF also supports advanced features such as application-layer inspection and user-based policies.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card