Network Firewall: Most Frequently Asked Interview Questions

–H3ll0 Community, here are the answers to the most frequently asked questions in an interview about Network firewalls :

• What is a Firewall?
  Firewall is a device that is placed between a trusted and an untrusted network. It deny or permit traffic that enters or leaves network based on pre-configured policies. Firewalls protect inside networks from unauthorized access by users on an outside network. A firewall can also protect inside networks from each other for example by keeping a Management network separate from a user network.
• What is the difference between Gateway and Firewall?
  A Gateway joins two networks together and a network firewall protects a network against unauthorized incoming or outgoing access. Network firewalls may be hardware devices or software programs.
• Firewalls works at which Layers?
  Firewalls work at layer 3, 4 & 7.
• What is the difference between Stateful & Stateless Firewall?
  Stateful firewall – A Stateful firewall is aware of the connections that pass through it. It adds and maintains information about a users connections in a state table, referred to as a connection table. It than uses this connection table to implement the security policies for users connections. Example of stateful firewall are PIX, ASA, Checkpoint.
  Stateless firewalls – (Packet Filtering) Stateless firewalls on the other hand, does not look at the state of connections but just at the packets themselves.
• What information does Stateful Firewall Maintains?
  Stateful firewall maintains following information in its State table:-
  1.Source IP address.
  2.Destination IP address.
  3.IP protocol like TCP, UDP.
  4.IP protocol information such as TCP/UDP Port Numbers, TCP Sequence Numbers, and TCP Flags.
• How can we allow packets from lower security level to higher security level (Override Security Levels)?
  We use ACLs to allow packets from lower security level to higher security level.
• What is the security level of Inside and Outside Interface by default?
  Security Level of Inside interface by default is 100. Security Level of Outside Interface by default is 0.
• Explain DMZ (Demilitarized Zone)?
  If we need some network resources such as a Web server or FTP server to be available to outside users we place these resources on a separate network behind the firewall called a demilitarized zone (DMZ). The firewall allows limited access to the DMZ, but because the DMZ only includes the public servers, an attack there only affects the servers and does not affect the inside network.
• How does a firewall process a packet?
  When a packet is received on the ingress interface, Firewall checks if it matches an existing entry in the connection table. If it does, protocol inspection is carried out on that packet.
  If it does not match an existing connection and the packet is either a TCP-SYN packet or UDP packet, the packet is subjected to ACL checks.The reason it needs to be a TCP-SYN packet is because a SYN packet is the first packet in the TCP 3-way handshake. Any other TCP packet that isn’t part of an existing connection is likely an attack.
  If the packet is allowed by ACLs and is also verified by translation rules, the packet goes through protocol inspection.
  
• What are the values for timeout of TCP session, UDP session, ICMP session?
  TCP session – 60 minutes
  UDP session – 2 minutes
  ICMP session – 2 seconds
• Explain TCP Flags?
  While troubleshooting TCP connections through the Firewall, the connection flags shown for each TCP connection provide information about the state of TCP connections to the Firewall.
• What are the different types of ACL in Firewall?
  1.Standard ACL
  2.Extended ACL
  3.Ethertype ACL (Transparent Firewall)
  4.Webtype ACL (SSL VPN)
• What is Tranparent Firewall?
  In Transparent Mode, Firewall acts as a Layer 2 device like a bridge or switch and forwards ethernet frames based on destination mac-address.
• What is the need of Transparent Firewall?
  If we want to deploy a new firewall into an existing network it can be a complicated process due to various issues like IP address reconfiguration, network topology changes, current firewall etc. We can easily insert a transparent firewall in an existing segment and control traffic between two sides without having to readdress or reconfigure the devices.
• Explain Ether-Type ACL?
  In Transparent mode, unlike TCP/IP traffic for which security levels are used to permit or deny traffic all non-IP traffic is denied by default. We create Ether-Type ACL to allow NON-IP traffic. We can control traffic like BPDU, IPX etc with Ether-Type ACL.
• What is Policy NAT?
  Policy NAT allows you to NAT by specifying both the source and destination addresses in an extended access list. We can also optionally specify the source and destination ports. Regular NAT can only consider the source addresses, not the destination address .
  In Static NAT it is called as Static Policy NAT.
  In Dynamic NAT it is called as Dynamic Policy NAT.
• Give the order of preference between different types of NAT?
  1.Nat exemption.
  2.Existing translation in Xlate.
  3.Static NAT
  – Static Identity NAT
  – Static Policy NAT
  – Static NAT
  – Static PAT
  4.Dynamic NAT
  – NAT Zero
  – Dynamic Policy NAT
  – Dynamic NAT
  – Dynamic PAT
• What is the difference between Auto NAT & Manual NAT?
  Auto NAT (Network Object NAT) – It only considers the source address while performing NAT. So, Auto NAT is only used for Static or Dynamic NAT. Auto NAT is configured within an object.
  Manual NAT (Twice NAT) – Manual NAT considers either only the source address or the source and destination address while performing NAT. It can be used for almost all types of NAT like NAT exempt, policy NAT etc.
  Unlike Auto NAT that is configured within an object, Manual NAT is configured directly from the global configuration mode.
• Give NAT Order in terms of Auto NAT & Manual NAT?
  NAT is ordered in 3 sections.
  Section 1 – Manual NAT
  Section 2 – Auto NAT
  Section 3 – Manual Nat After-Auto