When is the “Deny all” policy an exception in Zone Based Firewall?
A. traffic traverses 2 interfaces in same zone
B. traffic sources from router via self zone
C. traffic terminates on router via self zone
D. traffic traverses 2 interfaces in different zones
E. traffic terminates on router via self zone
Explanation:
+ There is a default zone, called the self zone, which is a logical zone. For any packets directed to the router itself (the destination IP address indicates that the packet is for the router), the router automatically considers that traffic to be entering the self zone. In addition, any traffic initiated by the router is considered as leaving the self zone. By default, any traffic to or from the self zone is allowed, but you can change this policy.
+ For the rest of the administrator-created zones, no traffic is allowed between interfaces in different zones.
+ For interfaces that are members of the same zone, all traffic is permitted by default.