Monday, December 12, 2011
Tuesday, June 21, 2011
Network and Security interview questions (Cisco)
cisco firewall
0.What is stateful inspection & Packet filtering.Whats the difference ?
1.What is Adaptive security algorithm?
2.what are the default security levels for interfaces in firewall?
2.How would the firewall treat a TCP and UDP packets when it crosses the firewall ?
3.Tell me abt the different types of nat?
3.What is the order of nat ?
4.what is nat control ?
5.What are the troubleshooting mechanism to be followed in cisco firewalls?
a) different flow lookups in the output of packet tracer
6.What is stateful failover ? (command to enable failover)
7.what is transparent firewall ?
8.how to check the the connections and nat translations?
9.How would you trouble shoot the high utilization issue in firewall ?
10.one of the best issues u have troubleshooted with firewall ?
11.Diff between a IPS & Firewall ?
VPN
1.What is site-site and remote acces vpn?
2.What is phase 1 tunnel and the paramters involved ?
3.What is phase 2 tunnel and the paramters involved ?
4.What is PFS ?
5.Why would a DH is required ?
6.How to check the status of the tunnel in phase 1 & 2 ?
7.what are the commands required to troubleshoot VPN?
8.what is GRE and why its required?
9.How can we carry routing updates via ipsec without GRE?
10.What is nat traversal?
11.What are the ports involved in nat traversal ?
General
1.Diff between TCP & UDP?
2.What is ARP & RARP
3.Firewall works at what layer?
4.What is DNs doctoring ?
5.What is proxy & Gratituous arp ?
6.active & passive ftp ?
7.what is DHCP relay agent ? if DHCP server locates in a different subnet , how would the process works?
8 What is MTU and fragmentation ?
9.best issue you have troubleshooted
10.what is dos attack , spoofing attack ? how can be prevented?
11.some best practices that you have implemented in the devices
Routing
1.What is subneting and superneting ?
2.What is static route and a default route ?
3.What is classful and class less routing
4.what is dynamic routing? eg
if Ospf
1.metric used for ospf
2.what are the Parameters required for ospf neighbourship?
3.what is NSSA , stubby ,total stubby ?
4.How would the cost of the interfaces is calculated?
5.Commands to view the eigrp neighbour
If EIGRP
1.Metric for eigrp and its AD
2.What is stuck in active.
3.How would the un equal load balancing works with eigrp?
4.diff between EIGRP and OSPF
5.Commands to view the eigrp neighbour
IF BGP
1.What is IBGP and EBGP ?
2.What is LOcal prefernce and MED?
3.What is BGP synchronization ?
4.what is AD of IBG and EBGP?
5.we have two entries in the routing table , say for an example
192.168.1.0 /24 --> 1.1.1.1
192.168.1.128/25 --->2.2.2.2
what is the next hop to reach 192.168.1.200 ?
6.Why is redistribution required?
7.How would you filter the routes being redistributed?
Cisco IPS
1.What is IPS and IDS .Tell me the difference between them ?
2.What are the ips modules you have worked?
3.What is AIP-SSM
4.What is promiscuous and inline mode ?
5.What is a signature ? tell me some signature engines?
6.How would you implement an ips in a network ?
7.How would you manage IPS ?
8.What is false positive and false negative
9.What are the event action involved in inline mode?
0.What is stateful inspection & Packet filtering.Whats the difference ?
1.What is Adaptive security algorithm?
2.what are the default security levels for interfaces in firewall?
2.How would the firewall treat a TCP and UDP packets when it crosses the firewall ?
3.Tell me abt the different types of nat?
3.What is the order of nat ?
4.what is nat control ?
5.What are the troubleshooting mechanism to be followed in cisco firewalls?
a) different flow lookups in the output of packet tracer
6.What is stateful failover ? (command to enable failover)
7.what is transparent firewall ?
8.how to check the the connections and nat translations?
9.How would you trouble shoot the high utilization issue in firewall ?
10.one of the best issues u have troubleshooted with firewall ?
11.Diff between a IPS & Firewall ?
VPN
1.What is site-site and remote acces vpn?
2.What is phase 1 tunnel and the paramters involved ?
3.What is phase 2 tunnel and the paramters involved ?
4.What is PFS ?
5.Why would a DH is required ?
6.How to check the status of the tunnel in phase 1 & 2 ?
7.what are the commands required to troubleshoot VPN?
8.what is GRE and why its required?
9.How can we carry routing updates via ipsec without GRE?
10.What is nat traversal?
11.What are the ports involved in nat traversal ?
General
1.Diff between TCP & UDP?
2.What is ARP & RARP
3.Firewall works at what layer?
4.What is DNs doctoring ?
5.What is proxy & Gratituous arp ?
6.active & passive ftp ?
7.what is DHCP relay agent ? if DHCP server locates in a different subnet , how would the process works?
8 What is MTU and fragmentation ?
9.best issue you have troubleshooted
10.what is dos attack , spoofing attack ? how can be prevented?
11.some best practices that you have implemented in the devices
Routing
1.What is subneting and superneting ?
2.What is static route and a default route ?
3.What is classful and class less routing
4.what is dynamic routing? eg
if Ospf
1.metric used for ospf
2.what are the Parameters required for ospf neighbourship?
3.what is NSSA , stubby ,total stubby ?
4.How would the cost of the interfaces is calculated?
5.Commands to view the eigrp neighbour
If EIGRP
1.Metric for eigrp and its AD
2.What is stuck in active.
3.How would the un equal load balancing works with eigrp?
4.diff between EIGRP and OSPF
5.Commands to view the eigrp neighbour
IF BGP
1.What is IBGP and EBGP ?
2.What is LOcal prefernce and MED?
3.What is BGP synchronization ?
4.what is AD of IBG and EBGP?
5.we have two entries in the routing table , say for an example
192.168.1.0 /24 --> 1.1.1.1
192.168.1.128/25 --->2.2.2.2
what is the next hop to reach 192.168.1.200 ?
6.Why is redistribution required?
7.How would you filter the routes being redistributed?
Cisco IPS
1.What is IPS and IDS .Tell me the difference between them ?
2.What are the ips modules you have worked?
3.What is AIP-SSM
4.What is promiscuous and inline mode ?
5.What is a signature ? tell me some signature engines?
6.How would you implement an ips in a network ?
7.How would you manage IPS ?
8.What is false positive and false negative
9.What are the event action involved in inline mode?
Monday, June 13, 2011
R70.20 Upgradation Procedure
R70.20 Upgradation Procedure:
Step1: Take the configuration Backup of both the Nokia Appliances.
Step2: Take the Backup of Static Routes.
Step3: Connect the laptop to Console & Management interface eth3 of the Secondary Firewall Appliance.
Step4: Keep the below checkpoint Wrapper packages in FTP server path of Laptop.
a) Check_Point_R70.20.ipso6.tgz
b) Check_Point_R70.IPSO.tgz
c) ipso-6_2-ga039.zip
Step5: Upload “ipso-6_2-ga039.zip” to Secondary Firewall using FTP Server by giving the command “newimage –i”
Step6: Provide the FTP server ip details (Laptop) & path (/) from where it will upload the file.
Step7: once installation is done it will reboot the Appliance.
Step8: check the IPSO version using the command “uname –a “
Step9: Upload & install R70 Wrapper package “Check_Point_R70.IPSO.tgz” through FTP server.
Step10: install the R70 Wrapper package by giving command “newpkg “
Step11: It asks for FTP ip details & Path and then Package file name. Provide the R70 Wrapper file name “Check_Point_R70.IPSO.tgz”
Step12: Once the Wrapper Package is installed reboot the Appliance.
Step13: check the Firewall Checkpoint Wrapper version “fw ver “
Step14: Now connect the Appliance using SSH access and upload the R70.20 Package into the Appliance.
Step15: ftp; provide the FTP credentials
Step16: Select the R70.20 Package from the Option & upload the file
Step17: gunzip Check_Point_R70.20.ipso6.tgz. Check for the extracted file name by using command “ls –l” where you will find file name “Chek_Point_R70.20.ips
Step18: tar –zxvf Check_Point_R70.20.ipso6.tar
Step19: ./Unixinstallscript
Step20: Reboot the Appliance.
Step1: Take the configuration Backup of both the Nokia Appliances.
Step2: Take the Backup of Static Routes.
Step3: Connect the laptop to Console & Management interface eth3 of the Secondary Firewall Appliance.
Step4: Keep the below checkpoint Wrapper packages in FTP server path of Laptop.
a) Check_Point_R70.20.ipso6.tgz
b) Check_Point_R70.IPSO.tgz
c) ipso-6_2-ga039.zip
Step5: Upload “ipso-6_2-ga039.zip” to Secondary Firewall using FTP Server by giving the command “newimage –i”
Step6: Provide the FTP server ip details (Laptop) & path (/) from where it will upload the file.
Step7: once installation is done it will reboot the Appliance.
Step8: check the IPSO version using the command “uname –a “
Step9: Upload & install R70 Wrapper package “Check_Point_R70.IPSO.tgz” through FTP server.
Step10: install the R70 Wrapper package by giving command “newpkg “
Step11: It asks for FTP ip details & Path and then Package file name. Provide the R70 Wrapper file name “Check_Point_R70.IPSO.tgz”
Step12: Once the Wrapper Package is installed reboot the Appliance.
Step13: check the Firewall Checkpoint Wrapper version “fw ver “
Step14: Now connect the Appliance using SSH access and upload the R70.20 Package into the Appliance.
Step15: ftp
Step16: Select the R70.20 Package from the Option & upload the file
Step17: gunzip Check_Point_R70.20.ipso6.tgz. Check for the extracted file name by using command “ls –l” where you will find file name “Chek_Point_R70.20.ips
Step18: tar –zxvf Check_Point_R70.20.ipso6.tar
Step19: ./Unixinstallscript
Step20: Reboot the Appliance.
Subscribe to:
Posts (Atom)