Firewall Interview Q&A

Q: What is a packet filter firewall?
A: A packet filter firewall inspects traffic one packet at a time. It matches each packet individually and is not capable of determining a packet flow or session. Packet filters can match on anything from a simple source and destination IP address up to and including specific protocol flags such as TCP SYN and FIN. What can be matched varies with the vendor’s implementation of a packet filter.

Q: What is stateful inspection?
A: In stateful inspection, a firewall inspects traffic based upon the state of the connection. The firewall is aware of the beginning, middle, and end of a connection. If the connection goes out of state, the firewall is able to detect it.

Q: What is an application proxy firewall?
A: An application proxy firewall proxies connections that attempt to go through the firewall. The client’s request is always proxied to the server, and the server’s response is proxied back to the client as well. This allows the proxy to completely inspect the connection.

Q: What does the term DMZ stand for?
A: This stands for demilitarized zone. It is a term that represents a segmented network to which access is protected by a firewall.

Q: Why would you want a high-availability firewall deployment in your network?
A: Because a firewall is often placed at a critical point in your network. If it were to fail, you would lose access to critical resources such as Internet access.

Q: What are the characteristics of an appliance firewall?
A: An appliance-based firewall is a device that is built for a specific purpose. The purpose in this case is to be a firewall.

Q: What is NAT?
A: NAT stands for Network Address Translation. With NAT, a packet has either the source or destination IP address modified as it passes through a firewall.

Q: What is Unified Threat Management?
A: Unified Threat Management, or UTM, is a collection of technologies that are bundled together to eliminate threats on the network. These technologies include deep-packet inspection, antivirus, antispam, and URL filtering.

Q: What are the main configuration components in a firewall?
A: The firewall’s configuration (networking/routing), the firewall policy (the policy that restricts traffic for a device), and the firewall’s objects (the components used during the firewall’s policy configuration).

Q: What is a secure router?
A: A secure router is a device that couples the features of a router and a firewall, including the use of WAN interfaces, firewall services, and, often, a UTM feature set.

Q: What company was the first to implement firewall technologies?
A: Cisco Systems originally implemented firewall features in the form of packet filters on routers.

Q: Who are the three market leaders in the firewall technology space?
A: Cisco, Check Point, and Juniper Networks are the three market leaders. Cisco is the number one leader in firewall appliances. Check Point is the market leader in software-based firewalls. Juniper Networks is in second place behind Cisco for firewall appliances.

Q: What was Check Point’s most important impact on the firewall market?
A: The creation of an easy-to-use central management tool. This tool contained easy-to-use GUIs and still sets the bar for user interfaces today.

Q: What is the most basic deployment for a firewall?
A: The most basic deployment for a firewall is placing a firewall between an untrusted network, such as the Internet, and the local area network. This placement limits the access that the Internet has to the local area network. The local area network has important services that should not be Internet accessible. These services include file servers and e-mail servers.

Q: Can you list the three core firewall technologies?
A: Packet filter, stateful inspection, and application proxies are the core firewall technologies.

Q: What are three technologies you can find in the UTM feature set?
A: Antivirus inspection, antispam, and deep-packet inspection. Antivirus technologies often focus on the inspection of Web and e-mail traffic.