Which firewall configuration must you perform to allow traffic to flow in both directions between two zones?

Posted by: Pdfprep Category: 210-260

Which firewall configuration must you perform to allow traffic to flow in both directions between two zones?
A. You must configure two zone pairs, one for each direction.
B. You can configure a single zone pair that allows bidirectional traffic flows for any zone.
C. You can configure a single zone pair that allows bidirectional traffic flows for any zone except the self zone.
D. You can configure a single zone pair that allows bidirectional traffic flows only if the source zone is the less secure zone.

Answer: A

Explanation:

To allow traffic between two zones, such as the inside zone (interfaces facing the inside network) and the outside zone (interfaces facing the Internet or other less trusted networks), you must create a policy for traffic between them, and that is where a zone pair comes into play. A zone pair is a configuration object on the router that identifies traffic sourced from a device in one zone and destined for a device in the second zone. The administrator defines a set of rules (the policy) for this unidirectional zone pair, such as inspecting the traffic, and then applies that policy to the zone pair. Because each zone pair covers only one direction, allowing traffic to be initiated from either zone requires two zone pairs, one for each direction.

Source: Cisco Official Certification Guide, Zones and Why We Need Pairs of Them, p.380
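A Cisco IOS zone-based firewall sketch of the two zone pairs described above. This is an added example, not taken from the certification guide; the zone, class-map, policy-map, ACL and interface names and the 192.0.2.10 server address are assumptions chosen for illustration.

```cisco
! Added example: all names and the 192.0.2.10 address are illustrative.
zone security INSIDE
zone security OUTSIDE
!
! Traffic that inside hosts may initiate toward the outside.
class-map type inspect match-any CM-IN-TO-OUT
 match protocol dns
 match protocol http
 match protocol https
!
! Traffic that outside hosts may initiate toward one published server.
ip access-list extended ACL-PUBLIC-WEB
 permit tcp any host 192.0.2.10 eq 443
class-map type inspect match-all CM-OUT-TO-IN
 match access-group name ACL-PUBLIC-WEB
!
! One policy per direction; anything not matched is dropped.
policy-map type inspect PM-IN-TO-OUT
 class type inspect CM-IN-TO-OUT
  inspect
 class class-default
  drop
policy-map type inspect PM-OUT-TO-IN
 class type inspect CM-OUT-TO-IN
  inspect
 class class-default
  drop
!
! Each zone pair is unidirectional: source zone -> destination zone.
zone-pair security ZP-IN-TO-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-TO-OUT
zone-pair security ZP-OUT-TO-IN source OUTSIDE destination INSIDE
 service-policy type inspect PM-OUT-TO-IN
!
! Interfaces join a zone; the policies apply to traffic between zones.
interface GigabitEthernet0/0
 zone-member security INSIDE
interface GigabitEthernet0/1
 zone-member security OUTSIDE
```

The `inspect` action is stateful, so replies to a session permitted by ZP-IN-TO-OUT return without help from the second zone pair; ZP-OUT-TO-IN exists only for sessions initiated from the outside zone, and without it those sessions are dropped.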
