Tuesday, October 22, 2013

Interview Questions

1. What is the difference between the ASA firewall operating in Routed Mode and Transparent Mode ?
    Ans  :  A firewall in routed mode is a routed hop: each interface sits on a different subnet and the ASA acts as the default gateway for hosts that connect to one of its screened subnets. A transparent firewall, on the other hand, is a Layer 2 firewall that acts like a "bump in the wire" or a "stealth firewall": its interfaces bridge the same subnet and it is not seen as a router hop by connected devices, so hosts keep their existing default gateway.


2. How to control ARP Traffic in Transparent mode of ASA Firewall ? 
    Ans :  ARP Inspection is used to control ARP traffic. You configure static ARP entries for the hosts on each side and then enable ARP inspection per interface. The ASA compares the IP-to-MAC binding in every ARP packet against the static table: a match is forwarded, a mismatch is dropped (which stops ARP spoofing across the firewall), and an address with no static entry is either flooded or dropped depending on the flood/no-flood setting.

3.  What is meant by Stealth Firewall ?
Ans  :  A stealth firewall is another name for a transparent (Layer 2) firewall. It sits in the path as a "bump in the wire", bridges traffic between its interfaces, and is not seen as a router hop by connected devices, so it can be inserted into an existing network without changing the hosts' addressing or default gateway.

4.  What is called Non-IP Traffic?
Ans : Anything that is not IPv4 or IPv6, for example AppleTalk, IPX, BPDUs, and MPLS. A routed-mode ASA drops such traffic; a transparent-mode ASA also drops it unless an EtherType access list explicitly permits it.

5. What happens when you change the mode of firewall from Routed to Transparent ?
Ans : When you change modes, the adaptive security appliance clears the configuration because many commands are not supported in both modes. Save a copy of the running configuration before changing modes.

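The following is an added configuration example, not part of the original post, that ties questions 1, 2, 4 and 5 together on one ASA running 8.4 or later (bridge-group syntax). Interface names, the BVI address, the MAC addresses and the RFC 5737 addresses are assumptions chosen for illustration.

```cisco
! Transparent (Layer 2) firewall, ASA 8.4+ bridge-group syntax.
! Changing mode wipes the running configuration (question 5), so this is
! entered on a freshly converted unit.
firewall transparent
!
! Management address for the bridge group; the ASA is not a gateway for hosts.
interface BVI1
 ip address 192.0.2.5 255.255.255.0
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 bridge-group 1
 no shutdown
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 bridge-group 1
 no shutdown
!
! Static ARP entries (example values). ARP inspection checks every ARP
! packet against these: match = forward, mismatch = drop, unknown = drop
! because of no-flood (the default, flood, would forward unknowns).
arp inside 192.0.2.10 0011.2233.4455
arp outside 192.0.2.1 00aa.bbcc.ddee
arp-inspection inside enable no-flood
arp-inspection outside enable no-flood
!
! Non-IP traffic (question 4) is dropped unless an EtherType ACL allows it.
! Here spanning-tree BPDUs and MPLS unicast are allowed through the bridge.
access-list NONIP ethertype permit bpdu
access-list NONIP ethertype permit mpls-unicast
access-group NONIP in interface inside
access-group NONIP in interface outside
```

After applying this, verify with `show firewall` (mode), `show arp-inspection` (per-interface state) and `show arp` (the static table); an ARP packet whose binding contradicts a static entry is dropped and counted, which is the check that matters when an interviewer asks how ARP spoofing is stopped.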
6. What are the different types of NAT supported by ASA ?
Ans :  i. Static NAT
         ii. Dynamic NAT
        iii. Static PAT
        iv. Dynamic PAT
         v. Identity NAT
        vi. Static Identity NAT
       vii. NAT Exemption
   (vi and vii are 8.2-era terms; from 8.3 onwards both are expressed as identity NAT rules.)
  
7. What is meant by Load Balancing?
Ans : For firewalls, load balancing means two firewalls are configured so that both process client requests, with each request assigned to a unit by a specific algorithm (such as round robin). Note that ASA active/active failover shares load by assigning whole security contexts to each unit (multiple context mode) rather than balancing individual connections between the two firewalls.

8. What is the use of VPN ?
Ans : A VPN creates a separate tunnel between two endpoints (two sites, or a remote user and a gateway) so that traffic between them is protected: the data is encapsulated and, with IPsec or SSL, encrypted and authenticated before it is sent across the untrusted network.

9.  What is the use of Proxy ARP ?
 Ans :  Proxy ARP lets a device answer ARP requests for an address that is not its own, supplying its own MAC address, so that hosts on the segment send traffic for that address to it. The ASA uses proxy ARP on the mapped side of NAT rules so that translated addresses are reachable from the adjacent segment; it can be turned off per rule (no-proxy-arp) or per interface (sysopt noproxyarp).

10. What is meant by Policy Based NAT?
Ans : Policy NAT is a NAT rule that matches on both the source and the destination of a connection (and optionally the ports), so the same inside host can be translated differently, or not at all, depending on where it is talking to. On ASA 8.2 and earlier it is written as a nat/static statement that references an access list; on 8.3 and later it is expressed as twice (manual) NAT with a destination clause.

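As an added example, not part of the original post, the configuration below writes one rule for each NAT type in question 6 and one policy NAT rule for question 10, in ASA 8.3+ object NAT and twice NAT syntax. Object names, interface names and the RFC 1918 / RFC 5737 addresses are assumptions chosen for illustration.

```cisco
! ASA 8.3+ NAT: object NAT (one rule per object) and twice NAT (source and
! destination). Objects first; all addresses are example values.
object network INSIDE-NET
 subnet 10.1.1.0 255.255.255.0
object network ENGINEERING-NET
 subnet 10.1.2.0 255.255.255.0
object network WEB-SERVER
 host 10.1.1.10
object network SSH-SERVER
 host 10.1.1.20
object network NAT-POOL
 range 203.0.113.50 203.0.113.60
object network PARTNER-NET
 subnet 198.51.100.0 255.255.255.0
object network PARTNER-FACING
 host 203.0.113.12
object network VPN-NET
 subnet 10.9.0.0 255.255.0.0
!
! i. Static NAT: one-to-one, works in both directions (inbound still needs
! an interface ACL that permits it).
object network WEB-SERVER
 nat (inside,outside) static 203.0.113.10
!
! iii. Static PAT: outside 203.0.113.11:2222 maps to inside 10.1.1.20:22.
object network SSH-SERVER
 nat (inside,outside) static 203.0.113.11 service tcp 22 2222
!
! ii. Dynamic NAT: outbound only, one pool address per inside host.
object network ENGINEERING-NET
 nat (inside,outside) dynamic NAT-POOL
!
! iv. Dynamic PAT: many inside hosts share the outside interface address.
object network INSIDE-NET
 nat (inside,outside) dynamic interface
!
! Twice NAT (section 1) is evaluated before object NAT (section 2), in order.
!
! Policy NAT (question 10): INSIDE-NET is translated to 203.0.113.12 only
! when the destination is PARTNER-NET; other destinations fall through to
! the dynamic PAT above.
nat (inside,outside) source dynamic INSIDE-NET PARTNER-FACING destination static PARTNER-NET PARTNER-NET
!
! v./vi./vii. Identity NAT, the 8.3+ form of NAT exemption: traffic for the
! site-to-site VPN keeps its real addresses in both directions.
nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static VPN-NET VPN-NET no-proxy-arp route-lookup
```

Check the result with `show nat` (rule order and hit counts) and `show xlate` (active translations); `packet-tracer input inside tcp 10.1.1.15 1025 198.51.100.7 443` shows which rule a given flow actually matches, which is the quickest way to confirm that the policy rule, not the dynamic PAT, wins for partner traffic.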
11. Can you explain about OSI Model ?
   Ans :  The OSI model was developed to provide a common reference model for communication between devices of different vendors. It consists of seven layers.
       The bottom layer in the OSI model is the "Physical Layer", which is responsible for forming the physical interface between devices that allows transmission of data as a raw bit stream.
       The layer above it is the "Data Link Layer", which is responsible for


12. What do you mean by Access List?
  Ans :  Routers and the Cisco ASA firewall provide traffic filtering using access lists. An access list consists of ACEs (Access Control Entries). An ACE is a single entry that permits or denies traffic based on protocol, source and destination address, and optionally source and destination port numbers. The ASA evaluates ACEs top down and stops at the first match; an implicit deny follows the last entry.

Cisco ASA supports many access list types:
1.  Standard Access List
2.  Extended Access List
3.  EtherType Access List
4.  Webtype Access List
5.  IPv6 Access List

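The following is an added example, not from the original post, showing an extended access list applied to the outside interface of a routed-mode ASA (8.3 or later, where ACLs reference real addresses rather than NAT-mapped ones) together with a standard access list used for VPN split tunneling. Object names, addresses and interface names are assumptions for illustration.

```cisco
! Extended ACL: one ACE per line, matched top down, first match wins.
! Objects and ports are example values.
object network WEB-SERVER
 host 10.1.1.10
object network DNS-SERVER
 host 10.1.1.53
object-group service WEB-PORTS tcp
 port-object eq 80
 port-object eq 443
!
! TCP to the web server on 80/443, UDP to the DNS server on 53, and an
! explicit logged deny so that dropped traffic shows up in syslog.
access-list OUTSIDE-IN extended permit tcp any object WEB-SERVER object-group WEB-PORTS
access-list OUTSIDE-IN extended permit udp any object DNS-SERVER eq 53
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
!
! Standard ACL: destination network only, cannot be bound to an interface
! with access-group; used here to select what goes through a remote-access
! VPN tunnel.
access-list SPLIT standard permit 10.1.1.0 255.255.255.0
group-policy RA-POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT
```

`show access-list OUTSIDE-IN` prints each ACE with its hit count, so a rule that never matches (often a sign that it sits below a broader one) is easy to spot; the final logged deny is what turns the implicit drop into evidence an analyst can search.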
13.  Difference between TCP and UDP

Acronym for:
    TCP: Transmission Control Protocol
    UDP: User Datagram Protocol

Function:
    TCP: Carries a message across the network from one host to another over a connection: a session is set up before any data flows and torn down afterwards.
    UDP: Also a message transport, but connectionless: a program can send a burst of datagrams to another and that is the end of the relationship.

Usage:
    TCP: Applications that need every byte delivered and are not time critical.
    UDP: Games, voice and other applications that need fast transmission and can tolerate loss. UDP's stateless nature also suits servers that answer small queries from huge numbers of clients.

Examples:
    TCP: HTTP, HTTPS, FTP, SMTP, Telnet, etc.
    UDP: DNS, DHCP, TFTP, SNMP, RIP, VoIP (RTP), etc.

Ordering of data packets:
    TCP: Reassembles segments into the order in which they were sent.
    UDP: No inherent order; each datagram is independent. If ordering is required, the application layer must manage it.

Speed of transfer:
    TCP: Slower, because of connection setup, acknowledgements, retransmission and congestion control.
    UDP: Faster, because none of that machinery exists. UDP still checksums each datagram; it simply does not recover from errors.

Reliability:
    TCP: Delivers the byte stream intact and in order, or reports a failure to the application; lost or corrupted segments are retransmitted.
    UDP: No guarantee that a datagram arrives at all, or arrives only once.

Header size:
    TCP: 20 bytes minimum (up to 60 bytes with options).
    UDP: 8 bytes.

Common header fields:
    Both: Source port, Destination port, Checksum.

Streaming of data:
    TCP: Data is read as a byte stream; nothing in the stream marks message (segment) boundaries.
    UDP: Datagrams are sent individually and checksummed if they arrive. Datagram boundaries are preserved: one read on the receiving socket yields one whole message as it was sent.

Weight:
    TCP: Three packets (the three-way handshake) are exchanged before any user data can be sent, and the stack tracks reliability and congestion control for the life of the connection.
    UDP: Lightweight: no ordering, no connection tracking. A thin transport layer on top of IP.

Data flow control:
    TCP: Yes, via the receive window, plus congestion control.
    UDP: None.

Error checking:
    TCP: Checksum plus retransmission of lost or corrupted segments.
    UDP: Checksum only, with no recovery.

Fields:
    TCP: Source port, Destination port, Sequence number, Acknowledgement number, Data offset, Reserved, Control bits, Window, Checksum, Urgent pointer, Options, Padding.
    UDP: Source port, Destination port, Length, Checksum.

Acknowledgement:
    TCP: Acknowledgement segments.
    UDP: No acknowledgement.

Connection:
    TCP: Connection-oriented.
    UDP: Connectionless.