1. Why doesn't "drop log" policy-map action send unreachables? Is this a bug or feature?
2. Why doesn't ZPF control multicasts terminated at the self zone (EIGRP, for example), so it is not possible to control which multicasts are accepted and which aren't. Is this a bug or feature?
3. Why is SMTP guard enabled by default and cannot be disabled if "match protocol smtp" is used? Is this a bug or feature?
4. Does cisco have performance metrics for ZPF compared to traditional CBAC?