In the preceding chapter, you saw how the philosophy of firewall design has evolved from packet-filter-oriented designs toward zone-based designs. In this chapter, we discuss several well-known firewall designs and describe the filtering policies used in them. These designs then serve as the blueprints for the following implementation chapters, in which you’ll see how you can translate a zone-based design directly into Cisco IOS configuration commands.