Which additional configuration steps are required for a zone-based policy firewall to operate in a
VRF scenario?
A.
You must assign zone-based policy firewall bridge groups to work in the virtual environment.
B.
Separate zone-based policy firewall policies must be defined for each VRF environment.
C.
Separate zones must be defined for each virtual zone-based policy firewall instance.
D.
No special zone-based policy firewall configurations are needed.
Explanation:
Ensure that you utilized several security layers in your design to adequately protect the rest of
your network from the guest VLAN. You might even consider putting them in a separate Virtual
Routing and Forwarding (VRF) instance. VRFs are configurations on Cisco IOS Software routers
and switches that can be used to provide traffic separation, making them a good solution to keep
guest traffic segregated from your corporate traffic.
ZBPFW is also Virtual Routing and Forwarding (VRF) aware and can be used between different
VRFs. Interfaces that are configured in different VRFs should not be configured in the same zone,
and thus all interfaces that are in a zone must be configured within the same VRF. If there is a
common interface or interfaces that are used by multiple VRFs, a common zone should be created
and individually paired with each zone (and thus with each VRF).