Home
  • Features
    • Packet Tracer 9.0 available for download !
    • Cisco Modeling Labs 2.8 available for download !
    • What's new in GNS3 3.0.0 ?
    • What's new in Packet Tracer 8.2.2 ?
    • What's new in Packet Tracer 8.1.1 ?
    • What's new in Packet Tracer 8.0.1 ?
    • What's new in Packet Tracer 8.0.0 ?
    • What's new in Packet tracer 7.4.0T ?
    • What's new in Packet Tracer 7.3.1 ?
    • What's new in Packet Tracer 7.3 ?
    • What's new in Packet Tracer 7.2.2 ?
    • What's new in Packet Tracer 7.2.1 ?
    • What's new in Packet Tracer 7.2 ?
    • What's new in Packet Tracer 7.1.1 ?
    • What's new in Packet Tracer 7.1 ?
    • Cisco Packet Tracer features
    • System requirements
    • Routeurs and WIC modules
    • Packet Tracer 8.2 vs GNS3 3.0
    • Real network connection
  • Try it online !
  • Labs
    • Packet Tracer labs
    • Lab 1 : Basic switch setup
    • Lab 2 : Interfaces configuration
    • Lab 3 : VLAN and VTP
    • Lab 4 : Port security
    • Lab 6 : Basic router setup
    • Lab 11 : HDLC configuration
    • Lab 12 : PPP configuration
    • Lab 16 : Clientless SSL VPN
    • Lab 17 - Site to site IPSEC VPN with ASA 5505
    • Lab 18 : ASA 5506-X DMZ configuration
    • Lab 19 - DPI with ASA 5505
    • Lab 20 - CBAC trafic Inspection with ISR router
    • Lab 21 - Wlan users differentiation
  • Tutorials
    • Netflow configuration
    • HSRP Configuration
    • ACL configuration
    • DHCP configuration
    • Frame Relay configuration
    • Radius configuration
    • Video tutorials
    • BGP configuration
    • VOIP - Telephony devices
    • VOIP - Basic configuration
    • VOIP - Advanced configuration
    • IPSEC VPN tunneling
    • Cisco 819 ISR router AP configuration
    • Precision Time Protocol
    • LLDP configuration
    • Wireless - WLC configuration
  • IoT
    • IoT devices configuration
    • Arduino emulation for IoT programming
    • IoT advanced programming
    • IoT with IoX on ISR 819 router
    • Blocky programming IoT devices
    • Real HTTP server using SBC device
  • CCNA / CCNP
    • What is Cisco Networking Academy ?
    • CCENT certification exam
    • CCNA certification exam
    • CCNP Enterprise training
    • CCNP training : Cisco CSR1000v
    • CCNP training : FRRouting (FRR)
  • Blog
  • Download
  • Archives

Packet Tracer Blog

Last Updated: 16 November 2024

Zone based firewalling in Cisco Packet Tracer

Zone based firewalling is available in Cisco Packet Tracer 2800 routers with IOS 12.4(15)T1 and in new 2901/2911 ISR routers with IOS 15.1(4). This feature was introduced by Cisco in IOS 12.4(6)release.

The zone-member command seems to be only available on 2811 router's FastEthernet interfaces. It is not available on vlan interfaces of this router or in a 2911 router.

Configuration example:

class-map type inspect match-all all-private
 match access-group 101
!         
policy-map type inspect priv-pub-pmap
 class type inspect all-private
  inspect
 class class-default
!
zone security public
zone security private

zone-pair security priv-pub source private destination public
 service-policy type inspect priv-pub-pmap
! 
interface FastEthernet0/0
 ip address 192.168.110.44 255.255.255.0
 zone-member security public
!

Read next :

  • Download Cisco Packet Tracer 9.0 & GNS3
    Download Cisco Packet Tracer 9.0 & GNS3
    2025-06-15
  • Lab 3 - VLAN and VTP
    2025-04-05
  • Lab 12 - PPP
    2025-04-05
  • Lab 11 - HDLC
    Lab 11 - HDLC
    2025-04-05
  • Lab 1 - Basic switch setup
    2025-04-05

Trademark notice : This web site and/or material is not affiliated with, endorsed by, or sponsored by Cisco Systems, Inc. Cisco, Cisco Systems, Cisco IOS, CCNA, CCNP, Networking Academy, Linksys are registered trademarks of Cisco Systems, Inc. or its affiliates in the U.S. or certain other countries.