Easy Configuration and Implementation of zone-based firewall on Cisco IOS Router
With ZBFs, interfaces are placed into zones. Zones are created by the network administrator, using any naming convention that makes sense (although names such as inside, outside, and demilitarized zone [DMZ] are quite common).
Then policies are specified as to what transit (user) traffic is allowed to be initiated (for example, from users on the inside destined to resources on the outside) and what action the firewall should take, such as inspection (which means to do stateful inspection of the traffic).
After traffic is inspected, the reply traffic is allowed back through the firewall because of the stateful filtering feature. The policies are implemented in a single direction (for example, inside to outside).
Zone-Based Firewall in IOS combines two concepts: the Modular Policy Framework and the well-known zones from ASA firewalls. The ZBF solution is more secure than ACLs and easier to implement and troubleshoot. It relies on stateful filtering, which is also well known from ASA firewalls. It is not a new solution, but it still works very well.
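The pieces described above (zones, a single-direction inspection policy, and interface membership) fit together as in the following configuration. It is an added example, not taken from the original page; the interface names, the class-map, policy-map and zone-pair names, and the choice of matched protocols are assumptions for illustration.

```cisco
! Added example: minimal inside-to-outside ZBF policy.
! Names (CM-/PM-/ZP-) and interfaces are illustrative assumptions.
!
! 1. Create the zones.
zone security inside
zone security outside
!
! 2. Classify the traffic that inside users may initiate.
class-map type inspect match-any CM-INSIDE-TO-OUTSIDE
 match protocol http
 match protocol https
 match protocol dns
 match protocol icmp
!
! 3. Statefully inspect the matched traffic; drop and log the rest.
policy-map type inspect PM-INSIDE-TO-OUTSIDE
 class type inspect CM-INSIDE-TO-OUTSIDE
  inspect
 class class-default
  drop log
!
! 4. Apply the policy in one direction only (inside to outside).
!    Replies to inspected sessions are allowed back automatically.
!    No outside-to-inside zone-pair exists, so sessions initiated
!    from the outside are dropped by default.
zone-pair security ZP-INSIDE-TO-OUTSIDE source inside destination outside
 service-policy type inspect PM-INSIDE-TO-OUTSIDE
!
! 5. Place the interfaces into their zones.
interface GigabitEthernet0/0
 description LAN (assumed inside interface)
 zone-member security inside
!
interface GigabitEthernet0/1
 description WAN (assumed outside interface)
 zone-member security outside
```

After applying it, `show zone security`, `show zone-pair security` and `show policy-map type inspect zone-pair sessions` confirm the zone membership, the direction of the policy and the sessions currently being inspected. An interface left without a zone cannot exchange transit traffic with an interface that is a zone member, so assign every routed interface deliberately.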