Tuesday, August 28, 2012

Cisco IOS Zone-Based Firewall

  • In classic IOS, inspection policies were applied to all traffic on an interface,
    • so we can't apply different policies to different groups of users.
  • The zone-based firewall (ZFW) is available in IOS release 12.4(6)T or later.
  • The ZFW concept is similar to that used by appliance firewalls.
    • Router interfaces are placed into security zones.
    • Traffic between zones is blocked by default.
    • Traffic is also blocked between interfaces that have been assigned to a security zone and those that have not.
    • We must explicitly apply a policy to allow traffic between zones.
    • Zone policies are configured using the Class-based Policy Language (CPL),
      • which is similar to the Modular QoS Command Line Interface (MQC)
      • in its use of class maps and policy maps.
        • Class maps let you configure highly granular policies if needed.
      • A new class-map and policy-map type, the inspect type, is introduced for zone-based firewalls.
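As an added example (my own, not from the original post or Cisco documentation), here is a minimal ZFW configuration that ties the points above together: two zones, an inspect-type class map and policy map, a zone pair that applies the policy in one direction, and the show commands to verify it. The zone names, class/policy names and interface numbers are assumptions; only the CLI keywords are real IOS syntax.

```cisco
! Assumed zone names; interfaces not placed in any zone cannot talk to these.
zone security INSIDE
 description Trusted LAN (assumed)
zone security OUTSIDE
 description Internet-facing (assumed)
!
! Inspect-type class map: granular match on the protocols users may initiate.
class-map type inspect match-any INSIDE-TO-OUTSIDE-CLASS
 match protocol http
 match protocol https
 match protocol dns
!
! Inspect-type policy map: stateful inspection for the class above,
! explicit drop-and-log for everything else (log gives detection visibility).
policy-map type inspect INSIDE-TO-OUTSIDE-POLICY
 class type inspect INSIDE-TO-OUTSIDE-CLASS
  inspect
 class class-default
  drop log
!
! Zone pair is unidirectional: INSIDE -> OUTSIDE only. Return traffic for
! inspected sessions is allowed by state; OUTSIDE -> INSIDE stays blocked
! because no zone pair exists in that direction.
zone-pair security INSIDE-OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-TO-OUTSIDE-POLICY
!
! Interface numbers are assumed for this example.
interface GigabitEthernet0/0
 zone-member security INSIDE
interface GigabitEthernet0/1
 zone-member security OUTSIDE
!
! Verification (run from privileged EXEC):
! show zone security
! show zone-pair security
! show policy-map type inspect zone-pair INSIDE-OUTSIDE sessions
```

A practical check after applying this: a host on INSIDE should reach web and DNS, while any OUTSIDE-initiated connection appears only as a drop log entry and never as an established session in the zone-pair session table.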
