Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ZBF vs. CBAC?

I am just getting into my CCNA Security and am learning the differences between ZBF and CBAC and I know there are definately beneifts of this. My company currently uses CBAC implementation on their branch routers probably only because the majority of them have an older IOS that doesn't support ZBF. My question is what kind of overhead is used in comaprison from CBAC to ZBF?

I am going through one of our newer routers that I am using as a guinea pig and as I am going through the configuration, I would think that using implemeting ZBF is going to cost more in overhead that it does with a CBAC. I am not too concerned about this with our newer sites because they are all running 2901's and have a pretty good CPU in them currently. What I am concerned about is if I were to upgrade the IOS in our other routers, which are 1841's, that the CPU may not like the ZBF implementation.

any thoughts on this would be wonderful!

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions

ZBF vs. CBAC?

Hello Jason,

Being a Ex-Cisco Security Tac Engineer that loved to handle IOS FW issues I can ensure ZBFW is the way to go.

Way more flexible in policy configuration, tshoot, etc ,etc.

Regarding the CPU ZBFW is not a feature that will take  the performance of your router down like the IOS IPS is well known to do

I would actually recommend you to read and investigate about the benefits of one over the other bud.

As long as you can run 12.4(6)T you will be fne.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
3 REPLIES

ZBF vs. CBAC?

Hello Jason,

Being a Ex-Cisco Security Tac Engineer that loved to handle IOS FW issues I can ensure ZBFW is the way to go.

Way more flexible in policy configuration, tshoot, etc ,etc.

Regarding the CPU ZBFW is not a feature that will take  the performance of your router down like the IOS IPS is well known to do

I would actually recommend you to read and investigate about the benefits of one over the other bud.

As long as you can run 12.4(6)T you will be fne.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

ZBF vs. CBAC?

Julio,

Thanks for the insight. I am actually going through working on a configuration as we speak and am already running into a couple of dufferent issues that I will probably post in a different post.

Thanks for the help,

ZBF vs. CBAC?

Hello Jason,

Glad to know that I could help,

Let me know when you open the discussions so I can help, You can mark this question as answered.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
450
Views
0
Helpful
3
Replies
CreatePlease login to create content