Cisco SECURE 1.0: Deploying Basic Zone-Based Policy Firewalls

This course is included in our On-demand training solution.


The Cisco IOS Zone-Based Policy Firewall represents the latest generation of Cisco IOS Software firewall functions. Designed as a replacement technology for Cisco IOS Classic firewalls, also known as Context-Based Access Control (CBAC) firewalls, Zone-Based Policy Firewalls change the firewall from the older interface-based model to a more easily understood zone-based model. In this course, you will learn to configure, verify, and troubleshoot Open Systems Interconnection (OSI) Layer 3 and 4 access control features of the Zone-Based Policy Firewall.

Target Audience

Network professionals responsible for securing and managing their network infrastructures, who have CCNA certification, CCNA Security certification (IINS), and a working knowledge of Microsoft Windows operating systems


Expected Duration

180 min.

Course Objectives

Planning the Deployment of Zone-Based Policy Firewalls

  • identify the considerations for deploying a basic Zone-Based Policy Firewall
  • Configuring Zones and Zone Pairs

  • recognize how to configure Zone-Based Policy Firewall zones and zone pairs
  • Configuring Zones

    Planning a Layer 3 and Layer 4 Interzone Access Policy

  • recognize how to configure a basic OSI Layer 3 and 4 interzone access policy
  • Layer 3 and Layer 4 Zone Access Policies

  • recognize how to configure basic OSI Layer 3 and 4 interzone and intrazone access policies
  • Configuring Access Control between Zones

    Inspecting Control Plane and Management Plane Traffic

  • recognize how the self zone works
  • identify the guidelines for implementing self zone access control
  • Configure Inspection of Local Traffic

    Tuning Stateful Engine and Connection Settings

  • recognize how to tune Zone-Based Policy Firewall stateful engine and connection settings
  • Configuring Interfaces and Troubleshooting Policies

  • recognize how to configure Zone-Based Policy Firewall transparent mode
  • recognize how to troubleshoot the operation of basic Zone-Based Policy Firewall functions