
Zone Based Firewall – Default Zone

The default zone is a system-level zone, and any interface that is not a member of another security zone is placed into the default zone.

When an interface that is not in a security zone sends traffic to an interface that is in a security zone, that traffic will be dropped.

Network engineers may assume that a policy cannot be configured to permit these flows, but one can be if the default zone is enabled.

When the default zone is initialised, any interface that is not associated with a security zone will be placed into the default zone.

A policy can be created between the default zone and the target zone to permit traffic.
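
The following configuration is an added example, not taken from the original page, showing the default zone being enabled and a zone-pair policy permitting selected traffic from it to a target zone. The zone name `OUTSIDE`, the interface numbers, and the class-map, policy-map and zone-pair names are all assumptions.

```cisco
! Constructed example: zone, interface, class-map and policy-map names are assumptions.
! Enable the default zone. Interfaces with no zone-member statement now belong to it.
zone security default
!
! Target zone that the unzoned interfaces need to reach.
zone security OUTSIDE
!
interface GigabitEthernet0/0/1
 description Assumed WAN-facing interface
 zone-member security OUTSIDE
!
! GigabitEthernet0/0/2 has no zone-member statement, so it sits in the default zone.
!
! Match only the protocols that should be allowed out of the default zone.
class-map type inspect match-any CM-DEFAULT-TO-OUTSIDE
 match protocol dns
 match protocol http
 match protocol https
 match protocol icmp
!
! Statefully inspect the matched traffic; drop and log everything else.
policy-map type inspect PM-DEFAULT-TO-OUTSIDE
 class type inspect CM-DEFAULT-TO-OUTSIDE
  inspect
 class class-default
  drop log
!
! "default" is the keyword for the system-level default zone in a zone-pair.
zone-pair security ZP-DEFAULT-TO-OUTSIDE source default destination OUTSIDE
 service-policy type inspect PM-DEFAULT-TO-OUTSIDE
```

Zone-pairs are unidirectional: return traffic for inspected sessions is allowed, but flows initiated from `OUTSIDE` toward the default zone remain dropped unless a separate zone-pair is defined. `show zone security` and `show policy-map type inspect zone-pair ZP-DEFAULT-TO-OUTSIDE` can be used to confirm zone membership and policy hits.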
