What IOS gets me zone-based firewall instead of CBAC?

qbakies11 · ‎01-20-2012

I'm trying to study for the CCNA Security test and need to be able to setup zone based firewalls instead of CBAC. I have tried all of these images and when the SDM loads (v2.5) it has CBAC firewall, not zone-based:

c1700-adventerprisek9-mz.124-23.image

c1700-advsecurityk9-mz.124-15.T9.image

c2600-adventerprisek9_ivs-mz.124-25b.image

c2600-advsecurityk9-mz.124-15.T9.image

c2600-advsecurityk9-mz.124-25b.image

c3745-adventerprisek9-mz.124-25.image

c3745-advsecurityk9-mz.124-15.t3.image

c3745-advsecurityk9-mz.124-23.image

According to the Cisco IOS locator tool zone-based firewalls were released in 12.4(6)T6 so that would be the minimum IOS release. All of these are later releases but none of them are working. When SDM (v2.5) loads it states Firewall (CBAC). Any thoughts?

Julio Carvajal · ‎01-20-2012

Hello.

Ok so the SDM is version 2.5 ( ZBFW is supported from 2.4) so the SDM supports it!!

Now regarding the IOS version since Cisco IOS® Software Release 12.4(6)T Zone-Based Policy Firewall is supported.

Can you try this one :

c1841-adventerprisek9-mz.124-15.T15.bin

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

qbakies11 · ‎01-21-2012

I do not have access to c1841-adventerprisek9-mz.124-15.T15.bin so I cannot try it.

Julio Carvajal · ‎01-21-2012

Hello,

You can open a TAC case and one of my co-workers would be more than glad helping you doing that for you.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC