I am planning to use ZBFW in my network but I face a problem with "extending the legs" for ZBFW. I have two routers: Router A is a L3 switch and is configured with all the IPs, VLANs and the current ACL list. Router B will be added to the existing topology and configured with ZBFW. All traffic is expected to flow through Router B before reaching Router A.
Once I have created the different zones on Router B, how can I apply this configuration so that I can control traffic between the different VLANs on Router A? As I understand the Cisco documentation, Cisco expects all the individual VLANs and the zone-based configuration to be on the same router, not separate.
Thank you very much in advance.
I'm slightly confused about the topology based on your description below. Please confirm if this is indeed your topology:
ClientVlanX -> Router A (L3 Switch) -> Router B (with ZBF) -> Internet
If you trunk the link between Router A and Router B to include multiple VLANs (i.e. X and Y), you can configure sub-interfaces on Router B. With the sub-interfaces, you can assign each sub-interface to a different zone. You would then specify different zone policies that define what traffic is allowed between ZoneXY and ZoneYX.
If this doesn't completely answer your question, please provide me with more information about your topology and requirements and I'll do what I can to assist.
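The sub-interface-per-VLAN design from the answer above, written out as an added IOS configuration example (not part of the original thread). It assumes VLAN 10 (users) and VLAN 20 (servers) on the trunk from Router A on Gi0/0, an Internet uplink on Gi0/1, and the addresses and zone names shown; Router B becomes the inter-VLAN gateway, so Router A's SVIs for these VLANs must no longer route between them or the traffic never crosses a zone boundary.

```cisco
! Added example, not from the original post. Assumed VLAN IDs, subnets,
! interface names and zone names.
zone security USERS
zone security SERVERS
zone security OUTSIDE
!
! One dot1Q sub-interface per VLAN on the trunk to Router A, each in its own zone
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
 zone-member security USERS
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
 zone-member security SERVERS
!
interface GigabitEthernet0/1
 ip address 192.0.2.2 255.255.255.252
 zone-member security OUTSIDE
!
! Only the listed protocols are statefully inspected; everything else hits
! class-default and is dropped (and logged)
class-map type inspect match-any WEB-DNS-CMAP
 match protocol http
 match protocol https
 match protocol dns
!
policy-map type inspect WEB-DNS-PMAP
 class type inspect WEB-DNS-CMAP
  inspect
 class class-default
  drop log
!
! Zone-pairs are directional: USERS may open sessions to SERVERS and OUTSIDE,
! and return traffic is allowed by inspection. No SERVERS->USERS or
! OUTSIDE->USERS pair exists, so sessions initiated from those zones are
! dropped by the default inter-zone deny.
zone-pair security USERS-SERVERS source USERS destination SERVERS
 service-policy type inspect WEB-DNS-PMAP
!
zone-pair security USERS-OUTSIDE source USERS destination OUTSIDE
 service-policy type inspect WEB-DNS-PMAP
```

Verify the result with `show zone-pair security` and `show policy-map type inspect zone-pair sessions`, which list the configured pairs and the sessions the firewall is currently tracking.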