More Next Blog» Create Blog Sign In

Network and Security

Firewalls Networking CISCO Interview Question

Interview Question Search This Blog

I would like to cover some important and frequently asked Q&A in this Page. You all are also invited to share your replies Search
and suggestions. I hope this page will be useful for all the Network and Network Security Domain Students, Job-Seekers,
Professionals, Trainers, etc.

About me
CHECKPOINT Sunil Arora
New Delhi, India
MCSE, CCNA, CCSA, JNCIA, CEH,
Q.1 What is Checkpoint Architecture? ITILv3......
Ans. View my complete profile
Check Point has developed a Unified Security Architecture that is implemented throughout all of
its security products. This Unified Security Architecture enables all Check Point products to be
managed and monitored from a single administrative console, and provides a consistent level of Labels
security.
ACL (1)
The Check Point Unified Security Architecture is comprised of four main components:
Anti Virus (4)
Core Technologies: - Check Point uses a common set of core technologies, such as INSPECT
ARP (1)
for security inspection, across multiple layers of security.
Cheat Sheet (3)
Central Management: - All Check Point products can be managed and monitored from a single
administrative console. Checkpoint (15)

Open Architecture: - Check Point has built its security architecture to be open and interoperable CISCO (8)
in a heterogeneous environment. For example, Check Point products can interoperate with other
network and security equipment from third-party vendors to enable cooperative enforcement of Commands (19)
Security Policies.
Cyber Threats (3)
Universal-update Ability: - Check Point has consolidated multiple security-alert and update Encryption (1)
functions to ease update procedures and help Administrators ensure that security is always up-to-
date. Firewall (5)

Q.2 How Checkpoint Component communicate and Syns with each other? Fortigate (2)
Ans.
Secure Internal Communications (SIC) is the Check Point feature that ensures components, FTP (1)
such as Security Gateways, SmartCenter Server, SmartConsole, etc. can communicate with each
other freely and securely using a simple communication-initialization process. Hacking (2)

Q.3 What are the major differences between SPLAT and GAIA? Juniper (2)
Ans.
Gaia is the latest version of Checkpoint which is a combination of SPLAT and IPSO. Here are JUNOS (1)
some benefits of Gaia as compare to SPLAT/IPSO.
Linux (9)
1. Web-Based user interface with Search Navigation McAfee (1)
2. Full Software Blade support
3. High connection capacity Monitoring (1)
4. Role-Based administrative Access
5. Intelligent Software updates Netscreen (2)
6. Native IPv4 and IPv6 Support
Networking (5)
7. ClusterXL or VRRP Clusters
8. Manageable Dynamic Routing Suite Palo Alto (2)
9. Full Compatibility with IPSO and SecurePlatform.
Routing (3)
For more information you can checkpoint official page on this topic:
http://www.checkpoint.com/products/check-point-gaia/ SSH (1)

Q.4 What are the different – different Checkpoint Ports and purpose of these ports? Stonesoft (1)
Ans.
Switching (1)
PORT TYPE SERVICE DESCRIPTION
VLAN (1)
21 TCP ftp File transfer Protocol (control)
21 UDP ftp File transfer Protocol (control) VPN (2)
22 Both ssh SSH remote login
25 Both SMTP Simple Mail transfer Protocol Web (1)
50 Encryption IP protocols esp – IPSEC Encapsulation Security Payload
51 Encryption IP protocols ah – IPSEC Authentication Header Protocol wifi (1)
53 Both Domain Name Server
69 Both TFTP Trivial File Transfer Protocol
94 TCP Encryption IP protocols fwz_encapsulation (FW1_Eencapsulation)
Blog Archive
137 Both Netbios-ns NETBIOS Name Service
138 Both netbios-dgm NETBIOS Datagram ▼ 2017 (2)
139 Both netbios-ssn NETBIOS Session
▼ June (2)
256 TCP FW1 (fwd) policy install port FWD_SVC_PORT
257 TCP FW1_log FW1_log FWD_LOG_PORT Protecting Windows Network from
258 TCP FW1_mgmt FWM_SSVVC_PORT Malware Infection
259 TCP FW1_clientauth_telnet Common File Extension for
259 UDP RDP Reliable Datagram Protocol Ransomeware
260 TCP sync
260 UDP FW1_snmp FWD_SNMP_PORT ► 2016 (8)
261 TCP FW1_snauth Session Authentication Daemon
262 TCP MDQ – mail dequer ► 2015 (5)
263 TCP dbs ► 2014 (4)
264 TCP FW1_topop Check Point SecureClient Topology Requests
265 TCP FW1_key Check Point VPN-1 Public key transfer protocol ► 2013 (20)
389 Both LDAP Secure Client connecting to LDAP without SSL ► 2012 (15)
443 SNX VPN can use 443 too
444 TCP SNX VPN SNX VPN tunnel in connectra only
500 UDP IPSEC IKE Protocol (formerly ISAKMP/Oakley)
500 TCP IKE over TCP Useful Links
500 UDP ISAKMPD_SPORT & ISAKMPD_DPORT
514 UDP Syslog Syslog Ransomeware Encryption Recovery
636 LDAP Secure Client connecting to LDAP with SSL Free Practice Exams
900 TCP FW1_clntauth_http Client Authentication Daemon
981 Management https on the edge ASS with GNS3 and ASDM
1247
1494 TCP Winframe Citrix SANS Penetration Testing
1645 TCP Radius
1719 UDP VOIP Google Hacking and Defense Cheatsheet
1720 TCP VOIP
Networking Protocols Cheat-Sheet
2040 TCP MIP meta Ip admin server
2746 UDP UDP encapsualtion for SR VPN1_IPSEC_encapsulation VPN1_IPSEC Metasploit Cheet-Sheet
encapsulation
2746 TCP CPUDPENCap NMAP Cheat-Sheet
4000 Policy Server Port (Redmond)
4433 TCP Connectra Admin HTTPS Connectra admin port
4500 UDP NAT-T NAT Traversal
4532 TCP SNDAEMON_PORT sn_auth_trap: sn_auth daemon Sec.Serv comm, Daily Feed
5001 TCP Meta IP Web Connection, MIP
5002 TCP Meta IP DHCP Failover
5004 TCP Meta IP UAM
5005 TCP Meta IP SMC
6969 UDP KP_PORT KeyProt
8116 UDP Check Point HA SyncMode= CPHAP (new sync mode)
8116 UDP Connection table synchronization between firewalls
8989 TCP CPIS Messaging MSG_DEFAULT_PORT
8998 TCP MDS_SERVER_PORT
9000 Command Line Port for Secure Client
10001 TCP Default CPRSM listener port for coms with RealSecure Console
18181 TCP FW1_cvp Check Point OPSEC Content Vectoring Protocol
18182 TCP FW1_ufp Check Point OPSEC URL Filtering Protocol
18183 TCP FW1_sam Check Point OPSEC Suspicious Activity monitoring Proto (SAM API)
18184 TCP FW1_lea Check Point OPSEC Log Export API
18185 TCP FW1_omi Check Point OPSEC Objects Management Interface
18186 TCP FW1_omi-sic Check Point OPSEC Objects management Interface with Secure
Internal Communication
18187 TCP FW1_ela Check Point OPSEC Event Loging API
18190 TCP CPMI Check Point Management Interface
18191 TCP CPD Check Point Daemon Proto NG
18192 TCP CPD_amon Check Point Internal Application Monitoring NG Live Traffic Feed
18193 TCP FW1_amon Check Point OPSEC Appication Monitoring NG A visitor from Lucknow, Uttar Pradesh viewed
18201 TCP FGD_SVC_PORT "Network and Security: Interview Question" 3
18202 TCP CP_rtm Check Point Real time Monitoring hrs 23 mins ago
18203 TCP FGD_RTMP_PORT A visitor from India viewed "Network and
18204 TCP CE communication Security: Interview Question" 4 hrs 26 mins ago
18205 TCP CP_reporting Check Point Reporting Client Protocol
18207 TCP FW1_pslogon Check Point Policy Server logon Protocol A visitor from San Francisco, California viewed
18208 TCP FW1_CPRID (SmartUpdate) Check Point remote Installation Protocol "Network and Security: Interview Question" 6
18209 TCP FWM CA for establishing SIC communication hrs 26 mins ago
18210 TCP FW1_ica_pull Check Point Internal CA Pull Certificate Service A visitor from Bangalore, Karnataka viewed
18211 TCP FW1_ica_pull Check Point Internal CA Push Certificate Service "Network and Security: Interview Question" 7
18212 UDP Connect Control – Load Agent port hrs 40 mins ago
A visitor from Coquitlam, British Columbia
18213 TCP cpinp: inp (admin server)
viewed "Network and Security: How to
18214 TCP cpsmc: SMC
Configure ACL on JUNOS Switches" 10 hrs 31
18214 UDP cpsmc: SMC Connectionless A visitor
mins ago from Toronto, Ontario viewed
18221 TCP CP_redundant Check Point Redundant Management Protocol NG "Network and Security: Interview Question" 12
18231 TCP FW1_pslogon_NG Check Point NG Policy Server Logon Protocol hrs 39 mins ago
18231 TCP NG listens on this port by default dtps.exe A visitor from Mexico viewed "Network and
18232 TCP FW1_sds_logon Check Point SecuRemote Distribution Server Protocol Security: How to reset IPCop root password" 18
18233 UDP Check Point SecureClient Verification Keepalive Protocol FW1_scv_keep_alive hrs 40 mins ago
18241 UDP e2ecp A visitor from Brooklyn, New York viewed
18262 TCP CP_Exnet_PK Check Point Public Key Resolution "Network and Security: Configure Layer 3
18263 TCP CP_Exnet_resolve Check Point Extranet remote objects resolution EtherChannel between Cisco Router and
18264 TCP FW1_ica_services Check Point Internal CA Fetch CRL and User Registration Switch"
A visitor19 hrs Wichita
from 24 minsFalls,
ago Texas viewed
Services "Network and Security: Interview Question" 21
19190 TCP FW1_netso Check Point OPSEC User Authority Simple Protocol hrs 30 mins ago
19191 TCP FW1_uaa Check point OPSEC User Authority API A visitor from Europe viewed "Network and
65524 FW1_sds_logon_NG Secure Client Distribution Server Protocol (VC and Higher) Security: Interview Question" 1 day ago

Q.5 How SIC work? What are the different ports of SIC? Real-time view · Get Feedjit
Ans.
Secure Internal Communication (SIC) lets Check Point platforms and products authenticate with
each other. The SIC procedure creates a trusted status between gateways, management servers
and other Check Point components. SIC is required to install polices on gateways and to send
logs between gateways and management servers. Total Pageviews

These security measures make sure of the safety of SIC: 1 3 4 2 3 2

1. Certificates for authentication
2. Standards-based SSL for the creation of the secure channel
3. 3DES for encryption Subscribe To

The Internal Certificate Authority (ICA) Posts

The ICA is created during the Security Management server installation process. The ICA is All Comments
responsible for issuing certificates for authentication. For example, ICA issues certificates such as
SIC certificates for authentication purposes to administrators and VPN certificates to users and
gateways.

Initializing the Trust Establishment Process

Communication Initialization establishes a trust between the Security Management server and the
Check Point gateways. This trust lets Check Point components communicate securely. Trust can
only be established when the gateways and the server have SIC certificates.

Note - For SIC to succeed, the clocks of the gateways and servers must be synchronized.

The Internal Certificate Authority (ICA) is created when the Security Management server is
installed. The ICA issues and delivers a certificate to the Security Management server.

To initialize SIC:

1. Decide on an alphanumeric Activation Key.

2. In SmartDashboard, open the gateway network object. In the General Properties page of the
gateway, click Communication to initialize the SIC procedure.
3. In the Communication window of the object, enter the Activation Key that you created in step 2.
4. Click Initialize.

The ICA signs and issues a certificate to the gateway. Trust state is Initialized but not trusted. The
certificate is issued for the gateway, but not yet delivered.

SSL negotiation takes place. The two communicating peers are authenticated with their Activation
Key.

The certificate is downloaded securely and stored on the gateway.

After successful Initialization, the gateway can communicate with any Check Point node that
possesses a SIC certificate, signed by the same ICA. The Activation Key is deleted. The SIC
process no longer requires the Activation Key, only the SIC certificates.

Checkpoint SIC Ports

PORT TYPE SERVICE DESCRIPTION

18209 tcp NGX Gateways <> ICAs (status, issue, or revoke).
18210 tcp Pulls Certificates from an ICA.
18211 tcp Used by the cpd daemon (on the gateway) to receive Certificates.

Q.6 Checkpoint Packet flow for SNAT and DNAT?

Ans.

In case of SNAT
Antispoofing

Session lookup

Policy lookup

Routing

Netting

In case of DNAT

Antispoofing

Session lookup

Policy lookup

Netting
Routing

Q.7 What is the main different between cpstop/cpstart and fwstop/fwstart?

Ans.
Using cpstop and then cpstart will restart all Check Point components, including the SVN
foundation. Using fwstop and then fwstart will only restart VPN-1/FireWall-1.

Q.8 What are the functions of CPD, FWM, and FWD processes?
Ans.
CPD – CPD is a high in the hierarchical chain and helps to execute many services, such as
Secure Internal Communication (SIC), Licensing and status report.
FWM – The FWM process is responsible for the execution of the database activities of the
SmartCenter server. It is; therefore, responsible for Policy installation, Management High
Availability (HA) Synchronization, saving the Policy, Database Read/Write action, Log Display, etc.
FWD – The FWD process is responsible for logging. It is executed in relation to logging, Security
Servers and communication with OPSEC applications.

Q.9 What is Anti-Boat?

Q.10 How to block ICMP tunnel in checkpoint?
Q.11 Difference between fwstop and cpstop?
Q.12 What are the services which impacted during cpstop and spstart?
Q.13 What is CPinfo? And why it is used?
Q.14 What are Cluster_XL, Secure_XL and CORE_XL?
Q.15 What is Provider1?
Q.16 What is MDF Database?
Q.17 How to configure SMC HA?
Q.18 How to check License via Smartview Monitor?
Q.19 How to configure perform DNAT before routing via Global Properties?

CHECKPOINT CLUSTER
Q.1 Which protocol use in Checkpoint for Clustering?
Q.2 How Cluster_XL works? What the ports used by Cluster_XL?
Q.3 What are the New and Legacy Mode in Clustering?
Q.4 What are Delta and Full Mode in Clustering?
Q.5 Step by Step Process of configuring Checkpoint Cluster?
Q.6 How to use VRRP for Checkpoint Clustering?

CHECKPOINT VPN
Q.1 Difference between IPSec and SSL VPN?
Q.2 Difference between Domain Base and Route Base VPN?
Q.3 What are the protocols of IPSec? And what are the Protocol numbers of IPSec Protocols.?
Ans. IPSec use two Protocols AH (Authentication Header) and ESP (Encapsulated
Security Payload). AH works on Protocol number 51 and ESP works on Protocol number
50.
Q.4 What is NAT traversal? Where it used?
Q.5 How use NAT in VPN Tunnel?
Q.6 What is Norm in IPSec?
Q.7 What the Phases of IPSec VPN? And many messages being exchanged in MAIN and
QUICK Mode? What are these messages?
Q.8 What is Encryption Domain?
Q.9 IPSec works at which OSI layer?
Ans. IP Layer (Network Layer and provide security services Network Layer and above).

JUNIPER SCREENOS
Q.1 What are the series of ScreenOS boxes?
Q.2 What is the latest version ScreenOS?
Q.3 Juniper Packet Flow.
Q.4 What is Screen Check? How to configure Screen Check in Juniper?
Q.5 What is DIP, MIP and VIP?
Q.6 How to configure Cluster in Juniper?

ROUTING
Q.1 Difference between Static and Dynamic Routing?
Q.2 Different between AD Value and Metric? And what is the AD value of EIGRP, OSPF, RIP and BGP?
Ans.

AD: - The administrative distance is helpful to select best between two or more routing Protocols. For example
best route selection between OSPF and RIP.

Metric: - Metrics are only helpful to select route inside a routing protocol. For example best route inside the RIP.

Administrative Distance Valuse

Connected Interface = 0
Static Route = 1
EIGRP Summery Route = 5
External BGP = 20
Internal EIGRP = 90
IGRP = 100
OSPF = 110
IS-IS = 115
RIP = 120
EGP = 140
On Demand Routing = 160
External EIGRP = 170
Internal BGP = 200
Unknown = 255
Q.3 How to configure Inter-VLAN routing in router?
Q.4 How to enable trunking in router?

SWITCHING
Q.1 What is Private VLAN? What is extended or High VLAN range?
Q.2 What is Native VLAN?
Q.3 What is VTP?
Q.4 What is Transparent Mode in VTP and how it works? If we create new VLAN on Transparent
Switch that will be advertise or not?
Q.5 What is 802.1x standard?
PROTOCOLS

Q.1 What are different ports of FTP? What is the use of FTP different ports?

Ans. A Client makes a TCP connection to the server port 21. This connection remains open for
the duration of the session and thus it is called a control session. Then another connection is
opened on Port 20 and it is called the data connection. The control connection is used for
authenticating, command and administrating exchanged between the client and the server.

Q.2 What are the modes of FTP?

Ans. There are two types of FTP.

Passive FTP: - In passive mode, the client establishes both channels (Data and control). In that
case, the server tells the client which port should be used for the data channel.

Active FTP: - In active mode, the client establishes the control channel but the server establishes
the data channel.

Q.3 Why FTP not work with Packet Filter Firewall?

Q.4 What are the ports of DNS?

Ans. DNS use Port TCP & UDP 53.

Q.5 When DNS use port tcp_53?

Ans. UDP/53 is used when a host or a router wants to resolve a domain name to an IP address (or vice versa).

TCP/53 is used between two DNS servers when they want to sync or share their databases. Or If the size of the
response message is more than 512 bytes, a TCP connection is used.

Q.6 What is DHCP? What are the Ports of DHCP?

MCAFEE
Q.1 How to Installation and Configuration ePO sever?
Q.2 What is McAfee Agent Handler?
Q.3 How to restore ePO database?
Q.4 How to make policy in new ePO?
Q.5 What is default Console Port of ePO?
Q.6 What is the default Group of ePO?
Q.7 On which port ePO communication with client agent?
Q.8 What is Client Task?

RSA AUTHENTICATION MANAGER

Q.1 How Install and Configure RSA Authentication Manager?
Q.2 How to install and configure RSA Agent in Firewall or Windows Server?
Q.3 How to configure RADIUS in RSA?
Q.4 What are the RSA important files?

MISC QUESTION

Q.1 What is OSI stack? Explains all the OSI layers?

19 comments:

Anonymous 22 August 2014 at 03:15

Sir ,

We would appreciate if you could publish the answers of these question. That would be very helpful for
interviews.

Regards,
Akash

Reply

Replies

Uttam 20 November 2017 at 11:00

 This is Awesome Question answer I have ever seen a single shot.
Thank You.

Reply

Sunil Arora 22 August 2014 at 22:51

Hello Akash,

Due to some of onsite Projects I am traveling alot now a days that's why missed to answers these question. But I
am really thankful to you dear for reminding me. I will surely post the answers of these.

Regards,

Sunil

Reply

Praveen Ghanghas 30 August 2014 at 00:41

If you provide the answers then it will be very helpful.....

Reply

saravanan vpn 5 September 2014 at 19:50

Thank u very much for operating this blog.my hearty thanks sir. These questions are highly resource intensive.

Reply

Pratap Kumar Shee 10 September 2014 at 15:27

Hello Sunil,

Please share the answers, those will really helpful.

Warm Regards,
Pratap

Reply

Sunil Arora 11 September 2014 at 23:49

Hello Friends,
I am really sorry for this delay. Actually due to some ongoing critical projects I am not able to manage time to
update this blog regularly. But today I tried to manage some time and post the answare of few question.
Reply

Replies

Praveena 5 July 2016 at 15:31

Sir..Hi ,can you please answer d questions..it Wil be very helpful for us

Reply

Rajeev24us 4 November 2014 at 20:55

Thanks Sunil

Reply

Anonymous 6 April 2015 at 15:19

Good stuff...thanks a ton

Reply

Unknown 14 June 2015 at 21:20

Hi Anyone can explain the different between Netcreen and JUnos

Reply

Sunil Arora 14 June 2015 at 23:33

Technically every OS is some what different with each other, so netscree and junos also have some difference.
Few years back both OS was used by Juniper Systems, ScreenOS (Security Devices) and Junos (Router and
Switches). But now Juniper has stopped using ScreenOS in their Security Devices, in their new SRX series
Security Devices they start using Junos OS.

Well for sales point of view both have many difference that you can check to compare with SRX and SSG
Juniper devices. But the biggest difference I notice is debugging feature of ScreenOS which is the best I have
ever use in any firewall.

Reply

Kersingh Kunwar 1 August 2015 at 00:11

thanks

Reply

Unknown 16 January 2016 at 11:40

Thanks Sunil ,it will definately help to crack Interviews.

Reply

Unknown 16 January 2016 at 11:40

Thanks Sunil ,it will definately help to crack Interviews.

Reply

itzAmlan 3 April 2016 at 16:01

Great work Sunil. It's really helpful.

Reply

venkat 2 January 2017 at 12:38

Good Blog sunil... You Need Practical knowledge as well to crack interviews....

Reply

Anonymous 8 January 2017 at 12:42

Great Explanation

Reply

Mansi Rao 22 November 2017 at 16:58

What is Anti-Spoofing.
Anti-Spoofing is the feature of Checkpoint Firewall. which is protect from attacker who generate IP Packet with
Fake or Spoof source address. Its determine that whether traffic is legitimate or not. If traffic is not legitimate
then firewall block that traffic on interface of firewall.
Reply
Enter your comment...

Comment as: Unknown (Goo Sign out

Publish Preview Notify me

Home

Subscribe to: Posts (Atom)

Sunil Arora -. Awesome Inc. theme. Powered by Blogger.