Intrvw: Difference between revisions

3,255 bytes added, 2 years ago
Line 1,174:
dig example.com mx
nslookup -query=mx example.com
 
mx1.example.com
mx2.example.com
Line 1,187 ⟶ 1,186:
This is a test message.
QUIT
 
HTTP test using telnet:
To retrieve the document as well as the headers, use GET instead of HEAD. If you want the root document, use GET / HTTP/1.1 (or HEAD / HTTP/1.1).
Line 1,194 ⟶ 1,192:
Host: www.example.com
Connection: close
 
= TechM (Chd) =
 
SRX fxp1 interface
For SRX240B:
ge-0/0/0 interface will be mapped to fxp0 (out-of-band management)
ge-0/0/1 interface will be mapped to fxp1 (control).
The interfaces that are mapped to fxp0 and fxp1 are device specific.
IPS blocked webmail. Where to get the alerts?
Analysis & Reporting > IPS > Intrusion Events
Upgrade process of Sourcefire Sensors:
Reimage:
Reboot Sensor
Select System Restore
Set IP config
Select SCP, Enter Server IP, Credentials & ISO File name
Download & Mount ISO
Install
Reboot
Screenos flow
What is Sanity Checking?
VPN
NSRP Preempt behavior
Proxy Server Experience
 
= ZScalar (Chd) =
 
DNS? need for DNS
Traffic troubleshooting
HTTP is in which layer?
DNS uses protocol? UDP & TCP
Why not use UDP for all DNS traffic? (Ans:Huge Overhead)
Reverse of DNS possible?
ScreenOS CPU utilization check command
Port no of DNS, SSH, HTTP
SSH access is there but WebUI not opening?
 
;2nd Level
 
302,403,401 error HTTP
SSL Handshake steps - 4 phases
Hashing vs Encryption, examples of protocols
Port Numbers - 80, 443
Proxy Server functions
ALG - Active vs Passive FTP
Destination NAT - Proxy ARP, Server issues, Debugging
If the Server does not have a reverse route to reach firewall,it will drop reply packet. Workaround is to create a Source NAT rule in firewall
Aggressive vs Main Mode
Is Preshared Key, ID shared in clear text in Aggressive mode? (no, its Hashed)
Dynamic IP in Site, Which mode is used? (Aggressive)
What is a Digital Signature?
 
 
= Convergys (JTAC L2) =
 
* VPN traffic is not reaching other gateway device? How to prove?
Ans:Take snoop simultaneusly at both sites.
 
* What filters to use for VPN Traffic?
Ans: 4 filters- two for & to the gateways, two to & for the PCs
 
* 4 VPNs between 2 devices, how to identify which packet is for which VPN?
Ans:SPI will be unique & remains same for a single VPN
 
* ESP has Port no?
 
* IMP:What is NAT-T? Why packet will drop without NAT-T? at which packet exchange will it drop?
Ans:At which packet level does it start using UDP port 4500?
 
*Scenario 1:
 
3 firewalls are in full mesh VPN. 2 firewalls A & B have overlapping subnets.
Why will the ping from A to B private IPs fail?
Will VPN come UP?
What is the solution?
Ans: to use MIP in Tunnel
Ping from A to C private IP will fail?
Ping from C to A private IP will fail?
 
*Scenario 2:
 
Client is conected to a L2 switch. Switch to Firewall. Firewall to Internet. Client does an active FTP connection to FTP server.
How will traffic pass through firewall?
What is the role of ALG?
Which command of FTP is used?
IMP:Which 2 parameters of FTP Command are useful?
Ans: 1. PORT Command; 2._________
 
*Troubleshoot Latency
*Fragmentation in detail(ID Field, MF flag, Frag Offset)
*TCP SACK
*TCP WSF? is it Unidirectional or bidirectional? Max value for WSF? Max Window size?
*You have two PCAP files for same firewall. One on Ingress port & one for Egress port.
How to find out latency? How to find packet drops? How to trace packets(ID Field)
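Review bot: In the ZScalar "2nd Level" list, the answer on the line "Is Preshared Key, ID shared in clear text in Aggressive mode? (no, its Hashed)" is only half right and should be reworded. In IKEv1 aggressive mode the pre-shared key itself is never transmitted, but the peer ID is sent in clear text and the hash derived from the key is exchanged unencrypted, which is why a weak key can be guessed offline from a capture. Suggest stating the ID and the key separately in the answer. Two smaller points in the same hunk: "Why not use UDP for all DNS traffic? (Ans:Huge Overhead)" pairs the question with the answer to the opposite one (overhead is the reason not to use TCP for everything, while UDP falls short for large responses and zone transfers), and "Ans: 1. PORT Command; 2._________" leaves the second parameter blank, so either fill it in or mark it as open.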