Network Interview QnA
Welcome to networkqna.com, your number one source for all things CCNA, CCNP, CCIE and all other networking interview questions. We’re dedicated to giving you the very best interview questions and answers so you can get the next job that you deserve.
Network Interview QnA
4y ago
Compare and Contrast OSI TCP/IP models
Encapsulation terminology for OSI and TCP/IP model:
Compare and contrast TCP and UDP protocols
Describe the impact of infrastructure components in an enterprise network
Firewall
– Firewalls sit in the forwarding path of all packets so that the firewall can protect the whole network
– Firewall’s logic to discard/allow a packet:
– Like ACLs, match the source and destination IP address
– Like ACLs, identify applications by matching static well-known TCP/UDP ports
– Know what additional TCP/UDP ports are used by a particular flow
– Match the text in t ..read more
Network Interview QnA
4y ago
UDP 500 – IPSEC phase 1 (IKE)
UDP 4500 – IPSEC when there is a NAT device in between (NAT-T, NAT traversal)
IP Protocol 50 – IPSEC phase 2 protocol (AH)
IP Protocol 51 – IPSEC phase 2 protocol (ESP)
Source: User submitted post
Thanks Laxman for submitting the post ..read more
Network Interview QnA
4y ago
When you are troubleshooting a TCP connection on the Cisco ASA firewall, the ‘sh conn’ output provides lots of important information about the state of the connection. Below are the flag details and example output of the sh conn command on the Cisco ASA.
Inbound connection
Outbound connection
From the first line of output you can figure out that, for the outbound connection, the first SYN packet has been sent to the firewall.
In the second line you can see the outbound data is flowing f ..read more
Network Interview QnA
4y ago
An iRule is basically a script that executes against network traffic passing through an F5 appliance. With iRules you can write simple, network-aware pieces of code that will manipulate network traffic in a variety of ways. Regardless of whether you’re looking to do some form of custom persistence, setting custom settings for the TCP/UDP protocols or rate-limiting that isn’t currently available within the product’s built-in options, or looking to completely customize the user experience by granularly controlling the flow or even the contents of a given session/packets.
iRules can route, re-route, redir ..read more
Network Interview QnA
5y ago
Explain, compare, and contrast the OSI layers
http://www.tcpipguide.com/free/t_OSIReferenceModelLayers.htm
7 – Application
Interacts with the user (FTP/HTTP/SMB/SSH/etc.)
6 – Presentation
Converts information into data structures that are understandable by/useful to the system (XML/TLV/JSON)
SSL/WEP/WPA
5 – Session
Allows two endpoints to exchange data for a period of time.
NetBIOS, TCP/IP Sockets, RPCs
Not necessarily the length of a TCP connection
4 – Transport
Facilitates communication between multiple applications on different computers.
Multiplexes and de-multiplexes multiple application ..read more
Network Interview QnA
5y ago
Overview
2 firewalls can be configured in a High Availability pair
HA Provides:
Redundancy
Business Continuity
If one firewall fails, the second can continue service with little to no interruption
HA options can be deployed as:
Active/Passive: One active, one standby firewall
Active/Active: Both Active, used in specific circumstances, such as asynchronous routing setups
Items Synchronized include:
Networks
Objects
Policies
Certificates
Session Tables (not available on the PA-200)
Items NOT Synchronized:
Management Interface configuration
HA Settings
Logs
ACC information
For a consolidated ..read more
Network Interview QnA
5y ago
Dashboard, ACC and Monitor
Dashboard
On the dashboard, individual widgets can be added and removed to have a customized display
A custom refresh counter can be set in the upper right hand corner.
ACC
Interactive graph of traffic and applications going through the firewall
Threat graph shows the risk of traffic going through
Custom Tabs can be added, with custom widgets to be added with information specific to your network and security concerns.
Filters
Applied by using the funnel shaped icon in the top right corner of the widget
Can be applied to a specific widget to set custom displays
Persi ..read more
Network Interview QnA
5y ago
Overview
PAN-OS does IPSec tunnels as route-based tunnels
Support for connecting to 3rd party IPSec devices
The tunnel is represented by a logical tunnel interface
The tunnel interface is placed in a zone
When traffic is sent to the tunnel, the VPN is connected and traffic sent across
IKEv1 vs IKEv2
IKEv1 is the most common version used
IKEv2 is primarily used to meet NDPP (network device protection profile), Suite B support and/or MS Azure compliance
IKEv2 preferred mode provides a fail back to IKEv1 after 5 retries (about 30 seconds)
IKE Phase 1
Identifies the endpoints of the VPN
Uses Peer ..read more
Network Interview QnA
5y ago
Overview
GlobalProtect: Solution to VPN Issues
Extends NGFW to endpoints
Delivers full traffic visibility
Simplifies Management
Unifies policies
Stops Advanced Threat
Components
Portal – Provides Management functions for GP; every client connecting to GP receives configuration information from the portal
Gateways – Provide Security Enforcement for traffic
External gateways provide security enforcement and VPN Access
Internal Gateways apply security policy for access to internal resources
Connection Sequence
GP client connects to the portal for authentication
After auth, the portal sends the ..read more