all 8 comments

[–]flukz 1 point2 points  (2 children)

The drunken ramblings of a snazzy consultant is always a fun read, so don't take it personally when I say it's an ASA.

[–]the-packet-throwerMeow 🐈🐈Meow 🐱🐱 Meow Meow🍺🐈🐱Meow A+![S] 0 points1 point  (1 child)

Meh I blame the drink

[–]flukz 0 points1 point  (0 children)


[–]baudrillard_is_fake 0 points1 point  (1 child)

Interesting. Haven't seen this used in the wild so far.

Have you seen or used this in a production environment?

Why would one choose to use this feature if an ASA was available?

Drop some knowledge on me, please mr. packet man.

[–]the-packet-throwerMeow 🐈🐈Meow 🐱🐱 Meow Meow🍺🐈🐱Meow A+![S] 1 point2 points  (0 children)

Yup ZFW is part of IWAN now, it is also fairly popular for DMVPN setups.

You would use it if you don't have a ASA or if you want to secure the DMVPN layer. Though now that Firepower is supported on routers it will probably overtake the feature.

[–]swagbitcoinmoney 0 points1 point  (2 children)

Does this work on older routers like 1841s/2811s, and is this secure enough for publicly-facing services?

[–]the-packet-throwerMeow 🐈🐈Meow 🐱🐱 Meow Meow🍺🐈🐱Meow A+![S] 0 points1 point  (1 child)

Yup ZBF has been around for awhile, as far as ACLs go it is far superior to regular ACLs.

[–]swagbitcoinmoney 0 points1 point  (0 children)

Would an 1841 or maybe ASA5505 be good for publicly-facing services run out of my home? (I'd port forward from ISP router to 1841 to the VMs running the services). These services would have very little usage but need to stay online 24/7 and I have limited budget, but security is important in this case because I feel that some people may specifically attempt to hack these. (it's not paranoia)