The Zone-Based Firewall is the most advanced and latest integrated stateful firewall technology available on Cisco IOS routers. The traditional Cisco IOS stateful firewall, Context-Based Access Control (CBAC), uses an interface-based configuration model in which each interface is individually configured with a stateful firewall inspection policy. All traffic that passes through the interface receives the same policy, and CBAC also works alongside ACLs. Using CBAC produces multiple problems, such as manual configuration on every associated interface, which is time-consuming and prone to errors. Moreover, CBAC limits the granularity with which firewall policy can be applied, especially for policies that must be applied between multiple interfaces.

Zone-based firewalls overcome these limitations. The zone-based firewall uses a zone configuration model: instead of assigning access lists, different zones are created and assigned to interfaces, and the security policies are assigned to traffic between the zones.
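The two configuration models described above, side by side, as an added example that is not part of the original page. The zone, class-map, policy-map and ACL names and the interface numbers are assumptions chosen for illustration.

```cisco
! Added example; all names and interface numbers are assumptions.
!
! --- CBAC (interface-based): inspection and ACL bound to one interface ---
ip inspect name CBAC-OUT tcp
ip inspect name CBAC-OUT udp
!
ip access-list extended DENY-INBOUND
 deny ip any any
!
interface GigabitEthernet0/1
 description Outside
 ip inspect CBAC-OUT out
 ip access-group DENY-INBOUND in
! Each further interface needs its own ip inspect / ip access-group lines.
!
! --- Zone-based firewall: an alternative to the CBAC block above, ---
! --- not applied together with it. Policy is bound to a zone pair. ---
zone security INSIDE
zone security OUTSIDE
!
class-map type inspect match-any CM-WEB-DNS
 match protocol http
 match protocol https
 match protocol dns
!
policy-map type inspect PM-INSIDE-TO-OUTSIDE
 class type inspect CM-WEB-DNS
  inspect
 class class-default
  drop log
!
zone-pair security ZP-INSIDE-TO-OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect PM-INSIDE-TO-OUTSIDE
!
interface GigabitEthernet0/0
 description Inside
 zone-member security INSIDE
!
interface GigabitEthernet0/1
 description Outside
 zone-member security OUTSIDE
! No OUTSIDE-to-INSIDE zone-pair exists, so sessions initiated from OUTSIDE
! are dropped; return traffic for inspected sessions is still permitted.
```

After applying the zone-based block, `show zone-pair security` confirms which policy is attached to each zone pair.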