Network Firewall: Most Frequently Asked Interview Questions

February 22, 2018 | Views: 3301


H3ll0 Community, here are the answers to the questions most frequently asked in an interview about network firewalls:

  • What is a Firewall?
    A firewall is a device placed between a trusted and an untrusted network. It denies or permits traffic entering or leaving the network based on pre-configured policies. Firewalls protect inside networks from unauthorized access by users on an outside network. A firewall can also protect inside networks from each other, for example by keeping a management network separate from a user network.
  • What is the difference between Gateway and Firewall?
    A Gateway joins two networks together and a network firewall protects a network against unauthorized incoming or outgoing access. Network firewalls may be hardware devices or software programs.
  • At which layers do firewalls work?
    Firewalls work at layers 3, 4 and 7.
  • What is the difference between Stateful & Stateless Firewall?
    Stateful firewall – A stateful firewall is aware of the connections that pass through it. It adds and maintains information about users' connections in a state table, referred to as a connection table. It then uses this connection table to apply the security policies to users' connections. Examples of stateful firewalls are PIX, ASA and Checkpoint.
    Stateless firewall – (Packet filtering) Stateless firewalls, on the other hand, do not look at the state of connections but only at the packets themselves.
  • What information does a Stateful Firewall maintain?
    A stateful firewall maintains the following information in its state table:
    1. Source IP address.
    2. Destination IP address.
    3. IP protocol, such as TCP or UDP.
    4. IP protocol information such as TCP/UDP port numbers, TCP sequence numbers and TCP flags.
  • How can we allow packets from lower security level to higher security level (Override Security Levels)?
    We use ACLs to allow packets from lower security level to higher security level.
  • What is the security level of Inside and Outside Interface by default?
    Security Level of Inside interface by default is 100. Security Level of Outside Interface by default is 0.
  • Explain DMZ (Demilitarized Zone)?
    If we need some network resources such as a Web server or FTP server to be available to outside users we place these resources on a separate network behind the firewall called a demilitarized zone (DMZ). The firewall allows limited access to the DMZ, but because the DMZ only includes the public servers, an attack there only affects the servers and does not affect the inside network.
  • How does a firewall process a packet?
    When a packet is received on the ingress interface, the firewall checks whether it matches an existing entry in the connection table. If it does, protocol inspection is carried out on that packet.
    If it does not match an existing connection and the packet is either a TCP SYN packet or a UDP packet, the packet is subjected to ACL checks. The reason it needs to be a TCP SYN packet is that a SYN packet is the first packet in the TCP 3-way handshake; any other TCP packet that isn't part of an existing connection is likely an attack.
    If the packet is allowed by the ACLs and is also verified by the translation rules, the packet goes through protocol inspection.

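The processing flow above (connection-table lookup first, then the TCP-SYN/UDP rule for new flows, then the ACL and security-level check), as an added Python simulation that is not part of the original post and is not any vendor's code. Interface names, security levels, addresses and the ACL are constructed for the demo; the idle timeouts are the TCP (60 min), UDP (2 min) and ICMP (2 s) values this page lists, so the last packet in the demo shows a UDP reply arriving after its flow has aged out of the table.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Idle timeouts in seconds: TCP 60 min, UDP 2 min, ICMP 2 s (values listed on this page).
IDLE_TIMEOUT = {"tcp": 60 * 60, "udp": 2 * 60, "icmp": 2}
PASS, DROP_NOSYN, DROP_ACL = "inspect", "drop:no-syn", "drop:acl"


@dataclass
class Packet:
    ingress: str          # interface the packet arrived on
    egress: str           # interface it would leave on
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0        # 0 for ICMP
    dport: int = 0
    syn: bool = False     # TCP SYN flag set (only meaningful for TCP)
    ts: float = 0.0       # arrival time in seconds


@dataclass
class AclEntry:
    proto: str            # "ip" matches any protocol
    src: str              # "any" or an exact address
    dst: str
    dport: Optional[int]  # None matches any port
    permit: bool

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto) and self.src in ("any", p.src)
                and self.dst in ("any", p.dst)
                and (self.dport is None or self.dport == p.dport))


class StatefulFirewall:
    def __init__(self, security_levels: Dict[str, int]):
        self.levels = security_levels                  # interface -> security level
        self.acls: Dict[str, List[AclEntry]] = {}      # optional inbound ACL per interface
        self.conns: Dict[Tuple, float] = {}            # 5-tuple -> time a packet was last seen

    def _expire(self, now: float) -> None:
        # Remove connection-table entries idle longer than their protocol's timeout.
        for key, last_seen in list(self.conns.items()):
            if now - last_seen > IDLE_TIMEOUT[key[0]]:
                del self.conns[key]

    def process(self, p: Packet) -> str:
        self._expire(p.ts)
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        # 1. Existing connection in either direction? Skip the ACL and go straight to inspection.
        for key in (fwd, rev):
            if key in self.conns:
                self.conns[key] = p.ts
                return PASS
        # 2. Only a TCP SYN may open a new TCP connection; UDP and ICMP open a flow directly.
        if p.proto == "tcp" and not p.syn:
            return DROP_NOSYN
        # 3. ACL check. With an inbound ACL applied, the ACL decides (implicit deny at the end);
        #    without one, traffic is allowed only from a higher to a lower security level.
        acl = self.acls.get(p.ingress)
        if acl is not None:
            permit = next((e.permit for e in acl if e.matches(p)), False)
        else:
            permit = self.levels[p.ingress] > self.levels[p.egress]
        if not permit:
            return DROP_ACL
        # 4. Admitted: record the flow so that return traffic matches at step 1.
        self.conns[fwd] = p.ts
        return PASS


def demo() -> List[str]:
    """Run a constructed packet sequence through the model and return each verdict."""
    fw = StatefulFirewall({"inside": 100, "dmz": 50, "outside": 0})
    # Constructed inbound ACL on the outside interface: only HTTP to the DMZ web server.
    fw.acls["outside"] = [AclEntry("tcp", "any", "10.0.1.10", 80, True)]
    pkts = [
        Packet("inside", "outside", "tcp", "192.168.1.5", "203.0.113.9", 40000, 443, syn=True, ts=0),  # outbound SYN
        Packet("outside", "inside", "tcp", "203.0.113.9", "192.168.1.5", 443, 40000, ts=1),            # reply, in table
        Packet("outside", "inside", "tcp", "198.51.100.7", "192.168.1.5", 1234, 22, ts=2),             # stray ACK, no SYN
        Packet("outside", "dmz", "tcp", "198.51.100.7", "10.0.1.10", 5555, 80, syn=True, ts=3),        # ACL permits
        Packet("outside", "dmz", "tcp", "198.51.100.7", "10.0.1.10", 5556, 22, syn=True, ts=4),        # implicit deny
        Packet("inside", "outside", "udp", "192.168.1.5", "203.0.113.53", 50000, 53, ts=10),           # DNS query
        Packet("outside", "inside", "udp", "203.0.113.53", "192.168.1.5", 53, 50000, ts=10 + 181),     # reply after UDP timeout
    ]
    return [fw.process(p) for p in pkts]


if __name__ == "__main__":
    print(demo())
```

The stray ACK and the late DNS reply are the two cases an interviewer usually probes: the first is dropped because no SYN opened the flow, the second because the UDP entry aged out after 2 minutes, so the reply is treated as a new flow from the outside and hits the implicit deny.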
  • What are the values for timeout of TCP session, UDP session, ICMP session?
    TCP session – 60 minutes
    UDP session – 2 minutes
    ICMP session – 2 seconds
  • Explain TCP Flags?
    While troubleshooting TCP connections through the firewall, the connection flags shown for each TCP connection provide information about the state of that connection as the firewall sees it.
  • What are the different types of ACL in Firewall?
    1. Standard ACL
    2. Extended ACL
    3. EtherType ACL (Transparent Firewall)
    4. Webtype ACL (SSL VPN)
  • What is a Transparent Firewall?
    In Transparent Mode, the firewall acts as a Layer 2 device like a bridge or switch and forwards Ethernet frames based on the destination MAC address.
  • What is the need of Transparent Firewall?
    Deploying a new firewall into an existing network can be a complicated process because of issues like IP address reconfiguration, network topology changes, the existing firewall, etc. We can easily insert a transparent firewall into an existing segment and control traffic between the two sides without having to readdress or reconfigure the devices.
  • Explain EtherType ACL?
    In Transparent mode, security levels are used to permit or deny IP traffic, but all non-IP traffic is denied by default. We create an EtherType ACL to allow non-IP traffic; with it we can control traffic such as BPDUs and IPX.
  • What is Policy NAT?
    Policy NAT allows you to NAT by specifying both the source and destination addresses in an extended access list. We can also optionally specify the source and destination ports. Regular NAT can only consider the source address, not the destination address.
    In Static NAT it is called as Static Policy NAT.
    In Dynamic NAT it is called as Dynamic Policy NAT.
  • Give the order of preference between different types of NAT?
    1. NAT exemption.
    2. Existing translation in Xlate.
    3. Static NAT
       – Static Identity NAT
       – Static Policy NAT
       – Static NAT
       – Static PAT
    4. Dynamic NAT
       – NAT Zero
       – Dynamic Policy NAT
       – Dynamic NAT
       – Dynamic PAT
  • What is the difference between Auto NAT & Manual NAT?
    Auto NAT (Network Object NAT) – It only considers the source address while performing NAT. So, Auto NAT is only used for Static or Dynamic NAT. Auto NAT is configured within an object.
    Manual NAT (Twice NAT) – Manual NAT considers either only the source address or the source and destination address while performing NAT. It can be used for almost all types of NAT like NAT exempt, policy NAT etc.
    Unlike Auto NAT that is configured within an object, Manual NAT is configured directly from the global configuration mode.
  • Give NAT Order in terms of Auto NAT & Manual NAT?
    NAT is ordered in 3 sections.
    Section 1 – Manual NAT
    Section 2 – Auto NAT
    Section 3 – Manual NAT After-Auto
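The three-section lookup order above, together with the Auto NAT versus Manual NAT distinction (auto rules match on the source only, manual rules may also match the destination), as an added Python model that is not part of the original post and is not ASA code. Rule names and addresses are constructed; the model keeps configuration order inside each section, whereas a real ASA applies its own ordering within section 2, so only the section precedence is being demonstrated.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


def _in(addr: str, net: str) -> bool:
    """True if addr lies inside net; "any" matches every address."""
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


@dataclass
class NatRule:
    name: str
    real_src: str                     # real (pre-translation) source network, or "any"
    mapped_src: Optional[str]         # translated source address; None = identity (unchanged)
    real_dst: Optional[str] = None    # manual NAT only: destination to match, None = any
    mapped_dst: Optional[str] = None  # manual NAT only: translated destination, None = unchanged

    def matches(self, src: str, dst: str) -> bool:
        return _in(src, self.real_src) and (self.real_dst is None or _in(dst, self.real_dst))


class NatTable:
    """NAT rules in three sections searched in order: manual, auto, manual after-auto."""

    def __init__(self) -> None:
        self.sections: List[Tuple[str, List[NatRule]]] = [
            ("1-manual", []), ("2-auto", []), ("3-after-auto", [])]

    def add_manual(self, rule: NatRule, after_auto: bool = False) -> None:
        self.sections[2 if after_auto else 0][1].append(rule)

    def add_auto(self, rule: NatRule) -> None:
        # Auto (network object) NAT considers only the source, so destination fields are rejected.
        if rule.real_dst is not None or rule.mapped_dst is not None:
            raise ValueError("auto NAT cannot match or translate the destination")
        self.sections[1][1].append(rule)

    def translate(self, src: str, dst: str) -> Tuple[str, str, str]:
        """First match wins across sections 1, 2, 3; returns (matched rule, new_src, new_dst)."""
        for section_name, rules in self.sections:
            for r in rules:
                if r.matches(src, dst):
                    new_src = r.mapped_src if r.mapped_src is not None else src
                    new_dst = r.mapped_dst if r.mapped_dst is not None else dst
                    return f"{section_name}:{r.name}", new_src, new_dst
        return "no-nat", src, dst


def demo() -> List[Tuple[str, str, str]]:
    """Constructed rule set: identity exemption, object NAT, and an after-auto catch-all."""
    t = NatTable()
    # Section 1: manual identity NAT exempts inside-to-VPN traffic (matches source and destination).
    t.add_manual(NatRule("vpn-exempt", "192.168.1.0/24", None, real_dst="10.10.0.0/16"))
    # Section 2: auto NAT, static for the DMZ web server and dynamic PAT for the inside network.
    t.add_auto(NatRule("web-static", "10.0.1.10/32", "203.0.113.10"))
    t.add_auto(NatRule("inside-pat", "192.168.1.0/24", "203.0.113.1"))
    # Section 3: manual PAT placed after auto NAT, catching whatever the object rules missed.
    t.add_manual(NatRule("catch-all", "any", "203.0.113.2"), after_auto=True)
    return [
        t.translate("192.168.1.5", "10.10.4.4"),      # section 1 wins: source left untouched
        t.translate("192.168.1.5", "198.51.100.7"),   # destination misses section 1, PAT in section 2
        t.translate("10.0.1.10", "198.51.100.7"),     # static object NAT in section 2
        t.translate("172.16.9.9", "198.51.100.7"),    # nothing in 1 or 2, so the after-auto rule applies
    ]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The first two lookups share a source address and differ only in destination, which is exactly why the exemption has to live in manual (twice) NAT: an auto rule could not tell the VPN-bound flow apart from the internet-bound one.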
13 Comments
  1. thank you

  2. This is one of the best write ups I have read on here. Thank you!

  3. Thanks for sharing
