When is "Deny all" policy an exception in Zone Based Firewall

Posted by: Pdfprep Category: 210-260 Tags: , , Post Date: November 19, 2020

When is "Deny all" policy an exception in Zone Based Firewall
A . traffic traverses 2 interfaces in same zone
B . traffic sources from router via self zone
C . traffic terminates on router via self zone
D . traffic traverses 2 interfaces in different zones
E . traffic terminates on router via self zone

Answer: A

Explanation:

+ There is a default zone, called the self zone, which is a logical zone. For any packets directed to the router directly (the destination IP represents the packet is for the router), the router automatically considers that traffic to be entering the self zone. In addition, any traffic initiated by the router is considered as leaving the self zone. By default, any traffic to or from the self zone is allowed, but you can change this policy.

+ For the rest of the administrator-created zones, no traffic is allowed between interfaces in different zones.

+ For interfaces that are members of the same zone, all traffic is permitted by default.

Source: Cisco Official Certification Guide, Zones and Why We Need Pairs of Them, p.380

Author

Leave a Reply

Your email address will not be published.