Module 10: Zone Based Policy Firewalls

Question 1

What are the benefits of a ZBF?

Answer 1

It is not dependent on ACLs
It blocks unless told to allow
Policies can be applied to uni directional traffic between zones

Question 2

What is the 1st design step for a ZBF?

Answer 2

Determine the zones (E.g.: “INSIDE”, “OUTSIDE”, “DMZ”).

Question 3

What is the 2nd design step for a ZBF?

Answer 3

Establish policies between zones (E.g. TCP, UDP, sessions, echo)

Question 4

What is the 3rd design step for ZBF?

Answer 4

Design the physical infrastructure (availability, redundant devices, etc.)

Question 5

What is the 4th design step for ZBF?

Answer 5

Identify subsets within zones and merge traffic requirements (beyond scope).

Question 6

What is a redundant firewall?

Answer 6

A backup in case the main one fails

Question 7

What is a self zone?

Answer 7

The zone the router and its interfaces are in

Question 8

What does the “inspect” ZBF action do?

Answer 8

lets the traffic through and then back

Question 9

What does the “drop” ZBF action do?

Answer 9

the same as DENY

Question 10

What does the “Pass” ZBF action do?

Answer 10

the same as PERMIT

Question 11

What happens if no policy is configured between zones?

Answer 11

all traffic is then blocked