Router with ACL and Zone-Based-Firewall (ZBF)

Rene Mueller
Level 5

Hello,

I am using an ISR4351 router and want to configure a little bit of security. My question is, does it make sense to configure an ACL on an interface and also put the same interface into a zone for zone-based FW configuration? What takes preference when I have configured both on an interface?

Regards

René

1 Reply

Just think about what you typically achieve with interface-ACL when you don't use ZBF:

  1. Filtering traffic that should go through the router. That is traditional firewalling and always has to be done with ZBF-policies between the zones. As this function has a default deny, you need them anyway and have no need to configure interface-ACLs.
  2. Restricting traffic to the router. Using interface-ACLs was quite easy with the legacy CBAC firewall, but ZBF gives you full control with the self-zone. Although you have a default allow here, this is the way to go to restrict that traffic.

Given that, interface ACLs are nearly never needed.
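
Added example (not part of the original reply): a minimal ZBF configuration covering both cases from the answer, a zone-pair policy for transit traffic and a self-zone policy for traffic to the router. Zone names, object names, interface numbers and the 192.0.2.0/24 management subnet are placeholders chosen for illustration.

```cisco
! Constructed example: all names, interfaces and addresses are placeholders.
zone security INSIDE
zone security OUTSIDE
!
! 1. Transit traffic: between two zones nothing passes without a zone-pair
!    policy, so only INSIDE -> OUTSIDE sessions (and their replies) are allowed.
class-map type inspect match-any CM-INSIDE-OUT
 match protocol tcp
 match protocol udp
 match protocol icmp
policy-map type inspect PM-INSIDE-OUT
 class type inspect CM-INSIDE-OUT
  inspect
 class class-default
  drop
zone-pair security ZP-INSIDE-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-INSIDE-OUT
!
! 2. Traffic to the router itself: the self zone is default allow until a
!    zone-pair involving "self" exists, so restrict it explicitly.
!    The ACL is only a match criterion here; it is not applied to an
!    interface with "ip access-group".
ip access-list extended ACL-MGMT-SSH
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
class-map type inspect match-all CM-MGMT-SSH
 match access-group name ACL-MGMT-SSH
policy-map type inspect PM-OUTSIDE-SELF
 class type inspect CM-MGMT-SSH
  inspect
 class class-default
  drop log
zone-pair security ZP-OUTSIDE-SELF source OUTSIDE destination self
 service-policy type inspect PM-OUTSIDE-SELF
!
interface GigabitEthernet0/0/0
 zone-member security OUTSIDE
interface GigabitEthernet0/0/1
 zone-member security INSIDE
```

Once the OUTSIDE-to-self zone-pair is attached, anything else the router terminates on that interface (routing protocol adjacencies, IPsec, ICMP) is dropped unless a class for it is added to the policy.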