This option is available for H.323, TCP, and UDP protocols only.
This feature was introduced in IOS Version 12.3(14)T.
Zone-Based Policy Firewall (ZFW)
The new ZFW feature was introduced in Cisco IOS Software Release 12.4(6)T for the enhanced Cisco IOS
Firewall feature set.
All features from prior to IOS Software Release 12.4(6)T are inclusive in this new implementation and are
supported in the new zone-based inspection.
ZFW supports the following features:
Stateful packet Inspection (SPI)
VRF-aware Cisco IOS Firewall
URL filtering
Denial-of-service (DoS) mitigation
More ZFW features were added into Cisco IOS Software Release 12.4(9)T for per-class session/connection and
throughput limits, as well as application inspection and control:
HTTP
Post Office Protocol (POP3)
Internet Mail Access Protocol (IMAP)
Simple Mail Transfer Protocol and Enhanced Simple Mail Transfer Protocol (SMTP/ESMTP)
Sun Remote Procedure Call (RPC)
Instant Messaging (IM) applications, including Microsoft Messenger (MSN), Yahoo Messenger, and AOL
Instant Messenger
Peer-to-peer (P2P) file sharing, including Bittorrent, KaZaA, Gnutella, and eDonkey
Note
Stateful inspection for multicast traffic is not supported in ZFW or legacy classic Firewall CBAC.
Pages:
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237