15 - IOS Firewall Fundamentals


1. The router (R1) will be the firewall: used to stop traffic from one place to another.


The first thing we need to do is identify zones. Interfaces with a similar function are added to the same zone: host function, servers with a public function, servers with a private function.

First zone: OUTSIDE, with interface Fa4/0


The second zone, let's call it DMZ, is connected to Fa3/0

Fa2/0 and Fa1/0 are the two inside interfaces


The default rule of the firewall is implicit deny, so traffic between zones is denied unless a policy allows it.

Identify the traffic (Class Maps)

- Could mean traffic between subnets, like Fa2/0 10.2.0.0/24 and Fa1/0 10.1.0.0/25 in the figure
- Could mean traffic classified by layer 4 protocol
- Could be based upon application-layer services like P2P networking
Identify the policy map
What do we do with this traffic? This means rules applied to the classified traffic.
Example: inspect the traffic, i.e. "remember" it as in CBAC. When we see outbound traffic we remember it, and when the reply comes back we allow it inside. If there is no remembered information for it, traffic coming from outside will be blocked.

3 actions: inspect, allow/pass, drop


To set up inspection we need to identify the traffic going out (coming from inside) and the traffic coming from outside:
Traffic from user to internet
Traffic from internet to user
Example: IN-TO-OUT
Source: IN
Dest: OUT
We have rules for traffic IN-TO-OUT: for UDP, HTTP, TCP ...
The service policy applies the policy map to a pair of zones (traffic from one zone to another one).
We can also filter with application inspection, i.e. protocol inspection.
Example: someone uses an allowed protocol but changes the commands carried inside it (we can stop this with deep inspection).
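The whole procedure above (zones, class maps, policy map, zone pair with service policy) written out as IOS Zone-Based Firewall configuration. This is an added example, not part of the notes; the interface names and the two inside subnets come from the notes, while the zone, ACL, class-map and policy-map names are assumptions.

```cisco
! Added example (not from the notes). Interface names and subnets are from the
! figure; zone names, ACL number and map names are my own choices.
! 1. Zones: group interfaces by function
zone security INSIDE
zone security DMZ
zone security OUTSIDE
interface FastEthernet1/0
 zone-member security INSIDE
interface FastEthernet2/0
 zone-member security INSIDE
interface FastEthernet3/0
 zone-member security DMZ
interface FastEthernet4/0
 zone-member security OUTSIDE
! 2. Class maps: identify traffic by subnet, by L4 protocol, by application
access-list 101 permit ip 10.1.0.0 0.0.0.127 any
access-list 101 permit ip 10.2.0.0 0.0.0.255 any
class-map type inspect match-any L4-SERVICES
 match protocol http
 match protocol tcp
 match protocol udp
class-map type inspect match-all IN-TO-OUT-CLASS
 match access-group 101
 match class-map L4-SERVICES
! Deep (application-layer) inspection: HTTP used to carry something else
class-map type inspect http match-any HTTP-MISUSE
 match request port-misuse any
policy-map type inspect http HTTP-L7-POLICY
 class type inspect http HTTP-MISUSE
  reset
  log
! 3. Policy map: what to do with the traffic (inspect / pass / drop)
policy-map type inspect IN-TO-OUT-POLICY
 class type inspect IN-TO-OUT-CLASS
  inspect
  service-policy http HTTP-L7-POLICY
 class class-default
  drop log
! 4. Zone pair + service policy, applied in one direction only. Return
!    traffic is allowed by the stateful inspection; anything else from
!    OUTSIDE to INSIDE hits the implicit deny between zones.
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
 service-policy type inspect IN-TO-OUT-POLICY
```

After applying it, `show policy-map type inspect zone-pair sessions` lists the remembered (inspected) sessions, which is the quickest way to confirm that return traffic is being matched to an outbound flow rather than being dropped.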
