cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1271
Views
0
Helpful
3
Replies

ZBF vs. CBAC?

Jason Spring
Level 1
Level 1

I am just getting into my CCNA Security and am learning the differences between ZBF and CBAC and I know there are definately beneifts of this. My company currently uses CBAC implementation on their branch routers probably only because the majority of them have an older IOS that doesn't support ZBF. My question is what kind of overhead is used in comaprison from CBAC to ZBF?

I am going through one of our newer routers that I am using as a guinea pig and as I am going through the configuration, I would think that using implemeting ZBF is going to cost more in overhead that it does with a CBAC. I am not too concerned about this with our newer sites because they are all running 2901's and have a pretty good CPU in them currently. What I am concerned about is if I were to upgrade the IOS in our other routers, which are 1841's, that the CPU may not like the ZBF implementation.

any thoughts on this would be wonderful!

Thanks in advance.

1 Accepted Solution

Accepted Solutions

Julio Carvajal
VIP Alumni
VIP Alumni

Hello Jason,

Being a Ex-Cisco Security Tac Engineer that loved to handle IOS FW issues I can ensure ZBFW is the way to go.

Way more flexible in policy configuration, tshoot, etc ,etc.

Regarding the CPU ZBFW is not a feature that will take  the performance of your router down like the IOS IPS is well known to do

I would actually recommend you to read and investigate about the benefits of one over the other bud.

As long as you can run 12.4(6)T you will be fne.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

3 Replies 3

Julio Carvajal
VIP Alumni
VIP Alumni

Hello Jason,

Being a Ex-Cisco Security Tac Engineer that loved to handle IOS FW issues I can ensure ZBFW is the way to go.

Way more flexible in policy configuration, tshoot, etc ,etc.

Regarding the CPU ZBFW is not a feature that will take  the performance of your router down like the IOS IPS is well known to do

I would actually recommend you to read and investigate about the benefits of one over the other bud.

As long as you can run 12.4(6)T you will be fne.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Julio,

Thanks for the insight. I am actually going through working on a configuration as we speak and am already running into a couple of dufferent issues that I will probably post in a different post.

Thanks for the help,

Hello Jason,

Glad to know that I could help,

Let me know when you open the discussions so I can help, You can mark this question as answered.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: