#####   ######  #####    ###    #   #  ###  #   #  ######
##  ##  ##      ##  ##  ## ##   #   #   #   #   #  ##
#####   ####    #####   #   #   #   #   #   #   #  ####
##  #   ##      ##      ## ##    # #    #    # #   ##
##   #  ######  ##       ###      #    ###    #    ######

$ curl repovive.com/roadmaps/network-design/acls-and-firewalls/zone-based-policy-model

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██████████████████████████████████████████████████████████████████████████████████████

#####   ######  #####    ###    #   #  ###  #   #  ######
##  ##  ##      ##  ##  ## ##   #   #   #   #   #  ##
#####   ####    #####   #   #   #   #   #   #   #  ####
##  #   ##      ##      ## ##    # #    #    # #   ##
##   #  ######  ##       ###      #    ###    #    ######

$ curl repovive.com/roadmaps/network-design/acls-and-firewalls/zone-based-policy-model

Repovive

Zone-Based Policy Model - ACLs and Firewalls | Network Design | Repovive

Repovive.

Network Design26 sections · 911 units44h total

Open in Course

Zone-Based Policy Model

Defining zone rules

In a zone-based firewall, you create policies that specify:

$1.$ Source zone: Where traffic originates

$2.$ Destination zone: Where traffic is going

$3.$ Action: permit, deny, or inspect

Example policy allowing web traffic from outside to DMZ:

policy-map type inspect OUTSIDE-TO-DMZ
  class WEB-TRAFFIC
    inspect

The inspect action enables stateful tracking. Traffic matching this policy is allowed, and return traffic is automatically permitted.