ZBF vs. CBAC?

I am just getting into my CCNA Security and am learning the differences between ZBF and CBAC, and I know there are definitely benefits of this. My company currently uses a CBAC implementation on their branch routers, probably only because the majority of them have an older IOS that doesn't support ZBF. My question is what kind of overhead is used in comparison from CBAC to ZBF?

I am going through one of our newer routers that I am using as a guinea pig, and as I am going through the configuration, I would think that implementing ZBF is going to cost more in overhead than it does with CBAC. I am not too concerned about this with our newer sites because they are all running 2901's and have a pretty good CPU in them currently. What I am concerned about is if I were to upgrade the IOS in our other routers, which are 1841's, that the CPU may not like the ZBF implementation.

Any thoughts on this would be wonderful!

Thanks in advance.

Accepted Solutions

Hello Jason,

Being an ex-Cisco Security TAC engineer who loved to handle IOS FW issues, I can assure you ZBFW is the way to go.

Way more flexible in policy configuration, tshoot, etc., etc.

Regarding the CPU, ZBFW is not a feature that will take the performance of your router down like the IOS IPS is well known to do.

I would actually recommend that you read about and investigate the benefits of one over the other, bud.

As long as you can run 12.4(6)T you will be fine.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Julio,

Thanks for the insight. I am actually going through working on a configuration as we speak and am already running into a couple of different issues that I will probably post in a different post.

Thanks for the help,

Hello Jason,

Glad to know that I could help.

Let me know when you open the discussions so I can help. You can mark this question as answered.

Regards,

Jcarvaja
