Home » Cisco » 210-260 v.2 » What are two limitations of the self-zone policies on a zone-based firewall?
What are two limitations of the self-zone policies on a zone-based firewall? (Choose two.)
A. They are unable to block HTTPS traffic.
B. They are unable to support HTTPS traffic.
C. They are unable to implement application inspection.
D. They are unable to perform rate limiting.
E. They restrict SNMP traffic.
Correct Answer: CD
Explanation/Reference:
Self-Zone Policy Limitations
Self-zone policy has limited functionality as compared to the policies available for transit-traffic zone-pairs:
As was the case with classical stateful inspection, router-generated traffic is limited to TCP, UDP, ICMP, and complex-protocol inspection for H.323. Application Inspection is not available for self-zone policies.
Session and rate limiting cannot be configured on self-zone policies.
Reference: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html
