Is the firewall configured for dynamic routing? If not, you can disable it with the following command:
cf daemond disable agent=zebra
Will the process remain disabled if the firewall is registered to Control Center?
Ah, a curveball. I'm not 100% sure, but my guess is that it will not remain disabled after a policy push from the CC. I can try to test in our environment if an answer to this is crucial. What version firewall and CC are you using?
Is there a reason that you want zebra disabled? It is a local daemon only accessible from the firewall's loopback, and is only used to configure dynamic routing.
Firewall - 70102
Control Center - 40005
Regulatory compliance dictates that we disable any ports and/or services that are not required.