Compare and Contrast OSI TCP/IP models Encapsulation terminology for OSI and TCP/IP model:   Compare and contrast TCP and UDP protocols Describe the impact of infrastructure components in an enterprise network Firewall – Firewalls sit in the forwarding path of all packets so that firewall can protect the whole network – Firewall’s logic to discard/allow a packet: – Like ACLs, match the source and destination IP address – Like ACLs, identify applications by matching static well-known TCP/UDP ports – Know what additional TCP/UDP ports are used by a particular flow – Match the text in t ..read more

..read more

UDP 500- IPSEC phase 1 (IKE) UDP 4500 -if there is nat device in between IPSEC  (NAT-T Nat traversal) IP Protocol 50 – IPSEC phase 2 protocol ( AH) IP Protocol 51 – IPSEC phase 2 protocol (ESP)   Source: User submitted post Thanks Laxman for submitting post ..read more

When you are troubleshooting TCP connection on the Cisco ASA firewall. The ‘sh conn’ output provides lots of important information about the state of the connection. Below is the flag details and example output of the sh conn command on the Cisco ASA Inbound connection Outbound connection To see all the images in the app click on the blog banner picture and you will able to see all the images in the post From the first line of output you can figure out that for the outbound connection, first SYN packet has been sent to firewall. In the second line you can see the outbound data is flowing f ..read more

An iRule basically is a script that executes against network traffic passing through an F5 appliance. iRules can write simple, network-aware pieces of code that will manipulate network traffic in a variety of ways. Regardless of whether you’re looking to do some form of custom persistence, setting custom settings for the TCP/UDP protocols or rate-limiting that isn’t currently available within the product’s built-in options, or looking to completely customize the user experience by granularly controlling the flow or even the contents of a given session/packets. iRules can route, re-route, redir ..read more

Explain, compare, and contrast the OSI layers http://www.tcpipguide.com/free/t_OSIReferenceModelLayers.htm  7 – Application Interacts with the user (FTP/HTTP/SMB/SSH/etc.) 6 – Presentation Converts information into data structures that are understandable by/useful to the system (XML/TLV/JSON) SSL/WEP/WPA 5 – Session Allows two endpoints to exchange data for a period of time. NetBIOS, TCP/IP Sockets, RPCs Not necessarily the length of a TCP connection 4 – Transport Facilitates communication between multiple applications on different computers. Multiplexes and de-multiplexes multiple application ..read more

Overview 2 firewalls can be configured in a High Availability pair HA Provides: Redundancy Business Continuity If one firewall fails, the second can continue service with little to no interruption HA options can be deployed as: Active/Passive: One active, one standby firewall Active/Active: Both Active, used in specific circumstances, such as asynchronous routing setups Items Synchronized include: Networks Objects Policies Certificates Session Tables (not available on the PA-200) Items NOT Synchronized: Management Interface configuration HA Settings Logs ACC information For a consolidated ..read more

Dashboard, ACC and Monitor Dashboard On the dashboard, individual widgets can be added and removed to have a customized display A custom refresh counter can be set in the upper right hand corner. ACC Interactive graph of traffic and applications going through the firewall Threat graph shows the risk of traffic going through Custom Tabs can be added, with custom widgets to be added with information specific to your network and security concerns. Filters Applied by using the funnel shaped icon in the top right corner of the widget Can be applied to a specific widget to set custom displays Persi ..read more

Overview PanOS does IPSec tunnels as route-based tunnels Support for connecting to 3rd party IPSec devices The tunnel is represented by a logical tunnel interface The tunnel interface is placed in a zone When traffic is sent to the tunnel, the VPN is connected and traffic sent across IKEv1 vs IKEv2 IKEv1 is the most common version used IKEv2 is primarily used to meet NDPP (network device protection profile), Suite B support and/or MS Azure compliance IKEv2 preferred mode provides a fail back to IKEv1 after 5 retries (about 30 seconds) IKE Phase 1 Identifies the endpoints of the VPN Uses Peer ..read more

Overview GlobalProtect: Solution to VPN Issues Extends NGFW to endpoints Deilvers full traffic visibility Simplifies Management Unifies policies Stops Advanced Threat Components Portal – Provides Management functions for GP; every client connecting to GP receives configuration information from the portal Gateways – Provide Security Enforcement for traffic External gateways provide security enforcement and VPN Access Internal Gateways apply security policy for access to internal resources Connection Sequence GP client connects to the portal for authentication After auth, the portal sends the ..read more