zanny sandy – Page 2 – Network Interview QnA

How to enable logging in Palo Alto Networks Firewall?

When it comes to live troubleshooting or to ensure certain traffic is either blocked or allowed one relies heavily on logs, Palo Alto Network Firewalls does provides very good logging options and fields. Its quite easy to read them and understands them. By default when some one creates any security policy Palo Alto Networks Firewall [...]

What does Virtual Wire interface in Palo Alto firewall used for?

We all know Palo Alto Network Firewalls offers quite flexibility deployment options, one can also deploy Palo Alto Networks in Virtual Wire or V-Wire mode. This is the beauty of Palo Alto Networks Firewalls , the flexibility it offers cannot be matched by some of the leading firewall vendors. Though other vendors offers the same [...]

What is BFD?

Bidirectional Forwarding Detection (BFD) provides a low-overhead, short-duration method of detecting failures in the forwarding path between two adjacent routers, including the interfaces, data links, and forwarding planes. BFD is a detection protocol that you enable at the interface and routing protocol levels. Cisco supports the BFD asynchronous mode, which depends on the sending of [...]

Can two different VTP Domain communicate with each other. If yes then how?

Two different VTP domains cannot exchange VLAN database information. In fact, splitting a switched network into more VTP domains is one of the few ways how to make one part of the network independent from another with respect to VTP. If two switches are supposed to synchronise their VLAN databases via VTP, they must be [...]

Palo Alto CLI cheat sheet

Device management: Show general system-health information –> show system info Show percent usage of disk partitions –> show system disk-space Show the maximum log file size –> show system logdb-quota Show running processes –> show system software status Show processes running in the management plane –> show system resources Show resource utilization in the dataplane –> show running resource-monitor Show the [...]

What is VDC’s in Nexus Switches?

Cisco Nexus 7000 Series switches can be segmented into virtual devices based on customer requirements. VDCs offer several benefits e.g. fault isolation, administration plane, separation of data traffic, and enhanced security. This logical separation provides the following benefits: Administrative and management separation Change and failure domain isolation from other VDCs Address, VLAN, VRF, and vPC isolation Each VDC acts as an [...]

What is the difference between F1 & F2 modules in Nexus 7000 Switch?

The F2 still provide all the built-in features of F1 line card. It actually take the operation further to provide better bandwidth. Currently, the F2 card will give wire-rate speed. This means that 48 port populated with 10G links will run in non-blocking architecture. Something new that was not possible in the older line cards, [...]

What is the difference between M1 & M2 module on Nexus 7000 series ?

The main difference is that the M1 cards will do major and all Layer 3 related features and operations. The M2 cards will give the data center the expansion to run 40G and 100G infrastructure. The initial series of line cards launched by cisco for Nexus 7000 series switches were M1 and F1. M1 series [...]

OSI layer in short with example

7. Application layer-Responsible for initiating or services the request. e.g SMTP, DNS, HTTP, and Telnet 6. Presentation layer-Formats the information so that it is understood by the receiving system e.g Compression and encryption depending on the implementation 5. Session layer– Responsible for establishing, managing, and terminating the session e.g NetBIOS 4. Transport layer-Breaks information into [...]

Important CLI commands for F5 LTM

TMOS commands run util bash -enable shell show sys self-ip -show self IP’s show ltm persistence persist-records -show persistence records list ltm node [node_address] -show node status modify ltm node [node_address] down -disable node modify ltm node [node_address] up -enable node modify net packet-filter all logging enabled -enable logging for all packet filters delete ltm [...]

How does an arp attack work?

we already know that the purpose of ARP requests in the network is to give the device an appropriate mapping of MAC address to IP address. So, How does an ARP attack works? ARP attack is done through ARP spoofing, where it is done by modifying the ARP tables which are small databases linking to [...]

Common switch chassis errors & troubleshooting

How Switch Chassis looks like? Voltage Failure Voltage Termination (VTT) module terminates signals on the Catalyst switching bus. There are three voltage regulators (VTT) in the backplane. If one VTT module fails, it is a minor alarm. If two fail, there is a major problem and the corrective action shuts down the system. Example Command [...]

Hardware terms

Bandwidth Bandwidth refers to the amount of information that can be transmitted over a network in a given amount of time, usually expressed in bits per second or bps Protocol Protocols are the set of rules / algorithm used to learn routes, so that network traffic can be passed from a source to the destination. [...]

VLAN, TRUNKING, VTP

Vlan trunking -Vlan divides the broadcast domain -In New switch, Default Vlan = Native Vlan = Vlan 1 -Native Vlan can be changed from Vlan 1 to Vlan10, 20 etc. -Vlan 1 cannot be deleted even after entering command -Vlan 1 carries critical traffic like CDP, VTP etc. -Access port carries traffic of only one [...]

What is asymmetric routing?

Asymmetric routing is when a packet takes one path to the destination and takes another path when returning to the source. For example, review the following diagram. Packets from A to B take one route and packets from B to A take another route. This is not a problem for regular TCP connections because [...]

How DHCP works?

The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on Internet Protocol (IP) networks. The DHCP protocol is controlled by a DHCP server that dynamically distributes network configuration parameters, such as IP addresses, for interfaces and services. A router or a residential gateway can be enabled to act as a DHCP server. [...]

What is UDLD?

Unidirectional Link Detection (UDLD) is a data link (layer 2) protocol from Cisco Systems to monitor the physical configuration of the cables and detect unidirectional links. UDLD allow two switches to verify if they can both send and receive data on a point-to-point connection.UDLD works with the Layer 1 (L1) mechanisms to determine the physical [...]

Spanning Tree Protocol interface states

This is what happens when you plug in a cable: Listening state: Only a root or designated port will move to the listening state. The alternate port will stay in the blocking state. In the listening state the switch tries to figure out what the topology looks like. No data transmission occurs at this state [...]

What is the difference between Forward proxy vs Reverse proxy?

A forward proxy is a proxy configured to handle requests for a group of clients under the local Administrators control to an unknown or arbitrary group of resources that are outside of their control. Usually the word “forward” is dropped and it is referred to simply as a proxy, this is the case in Microsoft’s [...]

What is metro ethernet?

A metropolitan-area Ethernet, Ethernet MAN, or metro Ethernet network is a metropolitan area network (MAN) that is based on Ethernet standards. It is commonly used to connect subscribers to a larger service network or the Internet. Businesses can also use metropolitan-area Ethernet to connect their own offices to each other. An Ethernet interface is much [...]

How HTTP protocol works?

HTTP functions as a request–response protocol in the client–server computing model. A web browser, for example, may be the client and an application running on a computer hosting a web site may be the server. The client submits an HTTP request message to the server. The server, which provides resources such as HTML files and [...]

How to enable multiple context in the Cisco ASA firewall

Cisco ASA firewall is possibly already configured for multiple security contexts dependent upon how you ordered it from Cisco, but if you are upgrading then you might need to convert from single mode to multiple mode. The context mode (single or multiple) is not stored in the configuration file, even though it does endure reboots. [...]

How to setup the internet access through the Cisco ASA firewall?

Basic Guidelines for setting Internet through the Cisco ASA firewall: At first we need to configure the interfaces on the firewall. !— Configure the outside interface. interface GigabitEthernet0/0 nameif outside security-level 0 ip address 10.165.200.226 255.255.255.224 !— Configure the inside interface. interface GigabitEthernet0/1 nameif inside security-level 100 ip address 10.1.1.1 255.255.255.0 The nameif command gives [...]

What are the NAT syntax changes in the Cisco ASA firewall

There are major nat syntax changes after the ASA firewall iOS version 8.3. Regular static NAT: In the pre 8.3- static (inside,outside) 192.168.100.100 10.1.1.6 net mask 255.255.255.255 In the version 8.3 and later- object network obj-10.1.1.6 host 10.1.1.6 nat (inside,outside) static 192.168.100.100 Regular static PAT: In the pre 8.3- static (inside,outside) tcp 192.168.100.100 80 10.1.1.16 [...]

What is ICMP?

ICMP is Internet Control Message Protocol, a network layer protocol of the TCP/IP suite used by hosts and gateways to send notification of datagram problems back to the sender. It uses the echo test / reply to test whether a destination is reachable and responding. It also handles both control and error messages.

How to modify SSH/HTTP/Telnet time out in Cisco ASA firewall?

By default tcp idle timeout is 1:0:0 hh:mm:ss. If in case you need to modify it you can do it by MPF (Modular Policy Framework). Let us setup a custom timeout when traffic is coming from particular host 10.77.241.129. !— Match the traffic using the access-list —! object-group service DM_INLINE_TCP_1 tcp port-object eq www port-object [...]

What are the important topologies for networks?

There are five topologies for networks 1. Ring Topology 2. Star Topology. 3. Bus Topology. 4. Mess Topology. 5. Hybrid Topology.

What is difference between DoS vs DDoS attacks?

In a Denial of Service (DoS) attack, a hacker uses a single Internet connection to either exploit a software vulnerability or flood a target with fake requests—usually in an attempt to exhaust server resources (e.g., RAM and CPU). On the other hand, Distributed Denial of Service (DDoS) attacks are launched from multiple connected devices that [...]

What is DoS attack? How can it be prevented?

DoS (Denial of Service) attack can be generated by sending a flood of data or requests to a target system resulting in a consume/crash of the target system’s resources. The attacker often uses ip spoofing to conceal his identity when launching a DoS attack.

BIG-IP F5 LTM Load balancing methods

BIG-IP LTM provides a variety of load balancing methods to choose from. There are two types of load balancing methods. statistic load balancing method / mode. dynamic load balancing mode. 1. statistic load balancing mode:- There are two static load balancing modes. 1.Round robin 2.Ratio 2..Dynamic load balancing mode:- 1.least connections 2.fastest 3.observed 4.predictive 5.dynamic [...]

Please update your app otherwise you will not receive future updates!!

We recently upgraded our app. Please install the latest update or in few days you will not able to receive the updates for app.

What is the difference between the F5 LTM vs GTM?

The biggest difference between the GTM and LTM is traffic doesn’t actually flow through the GTM to your servers. The GTM is an intelligent name resolver, intelligently resolving names to IP addresses. Once the GTM provides you with an IP to route to you’re done with the GTM until you ask it to resolve another [...]

Acronyms

A • AAL: ATM Adaptation Layer • ABM: Asynchronous Balance Mode • ABR: Available Bit Rate • AC: Access Control • ACK: Acknowledgment • ADSL: Asymmetric Digital Subscriber Links • ANI: Automatic Number Identification • ANSI: American National Standards Institute • API: Application Programming Interface • ARM: Asynchronous Response Mode • ARP: Address Resolution Protocol [...]

How to troubleshoot access related problems in Cisco ASA

Cisco ASA has very powerful troubleshooting feature in ASA software version 7.2(1) or later that virtually eliminates the guesswork. Packet-tracer allows a firewall admins to inject a virtual packet into the security appliance and track the flow from ingress to egress. Along the way, the packet is evaluated against flow and route lookups, ACLs, protocol [...]

In IPSEC, If ESP provides both encryption and authentication, why is AH required.

ESP does not provide authentication to the outer IP header, which AH does.

What command displays a summary list of OSPF interfaces that includes a column for the cost of each interface?

R1#show ip ospf interface brief

BGP Quick notes

A transit AS is an AS that routes traffic from one external AS to another external AS The “show ip bgp” command is used to display entries in the BGP routing table. The AS-PATH attribute is used to prevent BGP routing loops. When receiving an BGP advertisement, the router checks the AS-PATH attribute, [...]

Passive interface (RIP,OSPF,EIGRP)

Passive-interface command is used in all routing protocols to disable sending updates out from a specific interface. However the command behavior varies from one protocol to another. RIP: In RIP this command will disable sending multicast updates via a specific interface but will allow listening to incoming updates from other RIP enabled neighbors.This simply means [...]

Quick notes for EIGRP

EIGRP is a Cisco proprietary protocol which means it will work only on Cisco routers. EIGRP is also called advanced distance vector or Hybrid routing protocol. Multicast or unicast is used for exchange of information. Multiple network layer protocols are supported. 100% loop-free. By default,EIGRP will limit itself to use no more than 50% of [...]

Memorising the BGP decision making process

1. Weight (Bigger is better) 2. Local preference (Bigger is better) 3. Self originated (Locally injected is better than iBGP/eBGP learned) 4. AS-Path (Smaller is better) 5. Origin 6. MED (Smaller is better) 7. External (Prefer eBGP over iBGP) 8. IGP cost (Smaller is better) 9. EBGP Peering (Older is better) 10. Router- ID