ccna 4 chapter 6 pdf

ccna 4 chapter 6 pdf.431.1 Introduction to Zone-Policy-Based FirewallsIn 2006, Cisco IOSI version 2.4(6)T introduced the firewall allocation inspection mode of the Eki "I mow domain policy. /In this new model, the traffic is assigned to zones, and then the flow between zones should be detected by the policy. The firewall of a zone can be allowed to detect traffic between zones. The firewall of a zone can allow the firewall to detect traffic between zones connected to the same. Multiple]. The firewall of a zone can allow different detection policies to be applied to multiple]. It can also disable streaming by default deny-all policies between firewall zones.The Zone Policy Firewall (ZBF) inspection interface supports firewall features such as stateful packet inspection, application detection, URL filtering, and DoS attack mitigation.Firewall policies are configured using the CiscoCommonClassificationPolicyLanguage (C3PL), which uses a hierarchical structure to define network protocol inspection, and allows for the use of a hierarchy of policies in. A detection policy is used to avoid spoon grouping on the zygons.If . If an external interface is added to a private zone, the] machine connected to that interface will pass the stream to all hosts that already have an interface in the same zone. In addition, hosts connected to the interface must adhere to all existing "private" policies associated with their zone when passing streams out to other zones.In order to put ZBF into the environment, the CiscoIOS firewall is. A stateful firewall solution that is integrated into the CiscoIOS software router. Cisco 1OS Firewall has two configuration modes: the traditional configuration mode (Classic Firewall) and the new configuration mode (ZBF). o For the foreseeable future, Cisco will continue to maintain the Classic Firewall, but will not add new features to it. Instead, CiscoIOS Firewall's strategic DYNAMIC direction is carried by ZBF. ZBF introduces significant changes in the CL1 firewall configuration. In the classic firewall configuration, the firewall policy is echoed to the connection I IL:; in the ZBF configuration, the "connection I" is assigned to the security zone, and then the fire ry policy is echoed to the flow ht transmitted in the I mow domain.ZBF is the fourth generation of effective CiscoIOS stateful firewall solutions, the previous] generations being TCPestablished, |'| Anti-ACL, and Classic Firewall, respectively.4.3.L2 Advantages of Zone Policy Based FirewallThe main motivation for network security practitioners to migrate to the ZBF model is its institutionalization and ease of use. A structured approach is easier to document and communicate. For security practitioners, ease of use makes the implementation of cybersecurity more attainable.Classical firewall implementations are complex and can be overwhelming. Unlike ZBF, classic firewalls do not have a dedicated hierarchical data interface for modularity. Classic firewalls have the following limitations.