Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
681
Views
0
Helpful
2
Replies

zone-based firewall questions,

hanwucisco
Level 1
Level 1

‎09-29-2011 09:03 AM - edited ‎03-11-2019 02:32 PM

I am trying to understand this following sentence regarding zone-based firewalls on a Cisco router, why they are wrong,

1. "Interface ACLs are applied before zone-base policy firewalls when they are applied outbound."

2. "The firewalls can be configured simultaneously on the same interface as classic CBAC using the IP inspect CLI command"

Any light shed would be appreciated.

Han

Labels:
0 Helpful
2 Replies 2

cadet alain
VIP Alumni
VIP Alumni

‎09-29-2011 10:23 AM

Hi,

1) interface ACLs always take precedence over ZBF , I don't think the direction matters.

2) CBAC and ZBF are mutually exclusive on an interface to my best knowledge.

Just to be sure I will lab it up later tonight and give you the results.

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to cadet alain

‎09-30-2011 02:46 AM

Hi,

just tested ACL and ZBF and direction doesn't matter, it will always be taken into account if it denies a flow permitted by ZBF.

And CBAC and ZBF are mutually exclusive.

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card