CCDTT

Describing Zone Based Firewall, Zone to Zone, and Self Zone

Get 30% off ITprotv.com with PROMO CODE OSCAROGANDO2
https://www.itpro.tv/
Follow me on Twitter:
https://twitter.com/CCNADailyTIPS

Previous Video:
CCNA Security MegaLab | DHCP, Static NAT, PAT, VPN, Site to Site, ACL and More
https://youtu.be/1EUgZGoaex4

Zone Based Firewall:

With ZBFs, interfaces are placed into security zones. Zones are created by the network administrator using any naming convention that makes sense (names such as inside, outside, and demilitarized zone [DMZ] are quite common). Traffic between interfaces in the same zone is permitted by default; traffic between two different zones is dropped until a zone pair with an explicit policy allows it, and an interface that is not a member of any zone cannot exchange traffic with interfaces that are.

Class maps (class-map type inspect): These identify traffic, such as traffic that should be inspected. Traffic can be matched on Layer 3 through Layer 7 of the OSI model, including application-based matching. A class map can also reference an access control list (ACL) to identify traffic, or call upon other class maps; match-any and match-all control whether one or all of the match statements must be satisfied.
Policy maps (policy-map type inspect): These define the action taken on each class of traffic: inspect (stateful inspection), pass (stateless permit, no session state), or drop (optionally with logging). Policy maps call on class maps for classification, and when a policy map has multiple classes they are processed in order, with class-default catching anything left over.
Service policies: This is where you apply a policy map to a zone pair (a named source zone and destination zone). Until this step is done, the class and policy maps have no effect; the service policy is what actually implements the policy.

Policies then specify which transit (user) traffic may be initiated across a zone pair (for example, from users on the inside to resources on the outside) and what action the firewall should take on it, such as inspect, which means stateful inspection of the traffic.

Once traffic has been inspected, the reply traffic is allowed back through the firewall because the stateful filtering tracks the session; no separate outside-to-inside policy is needed for those replies. Each zone pair and its policy is implemented in a single direction (for example, inside to outside), so traffic that is initiated from the outside toward the inside is still dropped unless a second zone pair in that direction explicitly permits it. The router itself belongs to a built-in self zone: traffic to or from the router (management sessions, routing protocols) is allowed by default, and it is only filtered once a zone pair that uses the self zone has a policy applied to it.
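The complete procedure above (zones, class map, policy map, zone pair, service policy) as one IOS configuration. This is an added example and is not configuration from the video; the interface names, the 10.0.0.0/24 inside network, ACL 101 and all zone, class-map and policy-map names are assumptions chosen for illustration.

```cisco
! Added example (not from the original page): minimal two-zone ZBF on an IOS router.
! Assumptions: GigabitEthernet0/0 faces the trusted LAN (10.0.0.0/24),
! GigabitEthernet0/1 faces the Internet. All names and numbers are illustrative.

! 1. Create the zones.
zone security INSIDE
 description Trusted LAN
zone security OUTSIDE
 description Untrusted Internet

! 2. Identify traffic. The ACL limits the match to the inside prefix, the match-any
!    class map lists the applications, and the match-all class map combines both
!    (a class map calling on another class map, as described above).
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
class-map type inspect match-any CM-USER-APPS
 match protocol http
 match protocol https
 match protocol dns
 match protocol icmp
class-map type inspect match-all CM-INSIDE-USERS
 match access-group 101
 match class-map CM-USER-APPS

! 3. Decide the action. Classes are evaluated in order; class-default drops
!    (and logs) anything the explicit class did not match.
policy-map type inspect PM-INSIDE-TO-OUTSIDE
 class type inspect CM-INSIDE-USERS
  inspect
 class class-default
  drop log

! 4. Build the zone pair in one direction only and apply the service policy.
!    No OUTSIDE->INSIDE zone pair exists, so unsolicited inbound traffic is
!    dropped; replies to inspected sessions return via the stateful session table.
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-INSIDE-TO-OUTSIDE

! 5. Assign interfaces to zones. Nothing is filtered until this is done.
interface GigabitEthernet0/0
 description LAN
 zone-member security INSIDE
interface GigabitEthernet0/1
 description WAN
 zone-member security OUTSIDE

! Verification commands (IOS exec mode):
!   show zone-pair security
!   show policy-map type inspect zone-pair IN-TO-OUT sessions
!   show class-map type inspect
```

No zone pair references the self zone in this example, so SSH to the router from the LAN, and routing protocol traffic on either interface, keep working by default; restricting management access to the router requires an additional zone pair with source INSIDE and destination self (or the reverse) carrying its own inspect policy. The first check after applying the configuration is to browse from an inside host and confirm an entry in the sessions output above; the second is to attempt a connection from the outside and confirm it is absent.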
