CBAC versus ZBFP?

Unanswered Question
Jon Marshall Fri, 03/12/2010 - 00:49
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


This short doc should help. Basically CBAC applies to interfaces on the router whereas ZBFW allows you to group interfaces into zones and then apply traffic policies between the zones -



Ganesh Hariharan Fri, 03/12/2010 - 01:28
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016


what is the difference between between CBAC and ZBFP?



Context-based Access Control (CBAC)

A methodology and algorithms used by Cisco IOS Devices (usually routers or L3 switches) preforming as a network. Firewall to control access to network resource controlled by that perimeter firewall.
Context-based access control (CBAC) intelligently filters TCP and UDP packets based on application-layer protocol session information and can be used for intranets, extranets and internets.You can configure CBAC to permit specified TCP and UDP traffic through a firewall only when the connection is initiated from within the network you want to protect.

Zone-based Firewall (ZBF)

A new model for configuring the Cisco IOS Firewall function. This new configuration model provides unidirectional application of firewall policies between groups of interfaces known as "zones." That is, interfaces are assigned to zones, and specific inspection policies are applied to traffic moving between the zones.

Check out the below link for more information

Hope to help !!



This Discussion