Documents

JNCIS-FWV Study Guide v1.3-Public

Categories
Published
of 170
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Share
Description
JNCIS-FWV Study Guide v1.3-Public
Transcript
    NetScreen JNCIS-FWV Study Guide The controlled master of this document is held in electronic form. If this is in printed form it is an uncontrolled copy. Copyright © 2005 Jason Ha. All rights reserved.   No part of this publication may be reproduced, stored in, or introduced into a retrieval system, or transmitted, in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), without prior written permission of the Author, Jason Ha.    Netscreen JNCIS-FWV Study Guide v1.3-public.doc 30 Mar 2005 14:03 Page 2 DOCUMENT CONTROL Preparation  Action   Name Date Prepared by: Jason Ha 3-MAR-2005 Reviewed by: Release Change Doc Version Date Released Change By Description 0 1.1 15-JAN-2005 Jason Ha Initial Draft 1 1.2 7-FEB-2005 Jason Ha Condensed Content 2 1.3 3-MAR-2005 Jason Ha Final version Distribution List Name Organisation Title MSS VSA MSS VSI Document   Properties Document Name: Number of pages: Last Updated: NetScreen JNCIS-FWV Study Guide v1.3.doc 170 30/03/2005 14:03:00    Netscreen JNCIS-FWV Study Guide v1.3-public.doc 30 Mar 2005 14:03 Page 3 CONTENTS 1.   Introduction....................................................................................................................................................................6   1.1.   Exam Information.........................................................................................................................................................6   1.2.   Exam Content...............................................................................................................................................................7   2.   Basic Firewall/VPN Operations.................................................................................................................................9   2.1.   NetScreen Firewall Systems......................................................................................................................................9   2.1.1.   NS500 9   2.1.2.   NS5000.....................................................................................................................................................................11   2.2.   Interfaces.....................................................................................................................................................................14   2.2.1.   Security Interfaces..................................................................................................................................................16   2.2.2.   Functional Interfaces..............................................................................................................................................16   2.2.3.   Tunnel Interfaces....................................................................................................................................................17   2.3.    Advanced Interfaces..................................................................................................................................................17   2.3.1.   Subinterfaces...........................................................................................................................................................17   2.3.2.    Aggregate Interfaces..............................................................................................................................................18   2.3.3.   Redundant Interfaces.............................................................................................................................................18   2.3.4.   Virtual Security Interfaces......................................................................................................................................19   2.4.   Zones 19   2.4.1.   Security Zones.........................................................................................................................................................21   2.4.2.   Function Zones........................................................................................................................................................22   2.5.   Virtual Routers............................................................................................................................................................23   2.5.1.   Static Routes............................................................................................................................................................23   2.6.   Security Policies.........................................................................................................................................................27   2.6.1.   Interzone Policies....................................................................................................................................................28   2.6.2.   Intrazone Policies....................................................................................................................................................29   2.6.3.   Global Policies.........................................................................................................................................................29   2.6.4.   Policy Configuration Order....................................................................................................................................30   2.7.   Network Address Translation...................................................................................................................................30   2.7.1.   Interface NAT...........................................................................................................................................................31   2.7.2.   Policy NAT-src.........................................................................................................................................................31   2.7.3.   DIPs 32   2.7.4.   Policy NAT-dst.........................................................................................................................................................33   2.7.5.   MIPs 34   2.7.6.   VIPs 35   2.8.   Packet Flows...............................................................................................................................................................36   2.9.   Review Questions......................................................................................................................................................38   2.9.1.   Review Answers......................................................................................................................................................41   3.   VPNs...............................................................................................................................................................................43   3.1.   PKI 43   3.1.1.   Digital Certificates...................................................................................................................................................43   3.1.2.   Certificate Authorities.............................................................................................................................................43   3.1.3.   Certificate Revocation............................................................................................................................................44   3.1.4.   Configuring Digital Certificates on a NetScreen.................................................................................................44   3.2.   IKE 45   3.2.1.   Modes 46   3.2.2.   Proposals..................................................................................................................................................................47   3.3.   IPSec 47   3.3.1.   Protocols...................................................................................................................................................................47   3.3.2.   Encapsulation..........................................................................................................................................................48   3.3.3.   Perfect Forward Secrecy.......................................................................................................................................48   3.3.4.   Proposals..................................................................................................................................................................48   3.3.5.   Proxy-IDs..................................................................................................................................................................48   3.4.   Policy-Based VPNs....................................................................................................................................................49   3.5.   Route-Based VPNs....................................................................................................................................................49   3.6.   IPSec Packet Flow.....................................................................................................................................................51   3.7.   Dynamic Peers...........................................................................................................................................................54   3.8.   Hub and Spoke VPNs...............................................................................................................................................55   3.8.1.   Back-to-Back VPNs................................................................................................................................................58   3.8.2.   VPNs using the NHTB............................................................................................................................................60   3.9.   Overlapping VPN Networks......................................................................................................................................64      Netscreen JNCIS-FWV Study Guide v1.3-public.doc 30 Mar 2005 14:03 Page 4 3.10.   VPN Monitoring..........................................................................................................................................................66   3.10.1.   Rekey 67   3.10.2.   Optimisation.............................................................................................................................................................67   3.11.   VPN Groups................................................................................................................................................................67   3.11.1.   Priorities....................................................................................................................................................................68   3.12.   VPN Troubleshooting................................................................................................................................................69   3.12.1.   IKE 69   3.12.2.   Security Associations.............................................................................................................................................72   3.12.3.   Common VPN Errors..............................................................................................................................................73   3.13.   Review Questions......................................................................................................................................................78   3.13.1.   Review Answers......................................................................................................................................................83   4.   Network Management................................................................................................................................................88   4.1.   Local Management....................................................................................................................................................88   4.2.   Remote Management................................................................................................................................................88   4.3.   Manage/r IPs...............................................................................................................................................................88   4.3.1.   Manage IPs..............................................................................................................................................................88   4.3.2.   Manager IPs.............................................................................................................................................................90   4.4.   Management Methods...............................................................................................................................................90   4.4.1.   CLI 91   4.4.2.   WebUI 92   4.4.3.   NSM 93   4.5.   User Privileges...........................................................................................................................................................93   4.5.1.   Root User.................................................................................................................................................................93   4.5.2.   Root System Write/Read Users............................................................................................................................94   4.5.3.   Root System Read Only Users.............................................................................................................................94   4.5.4.   Virtual System Write/Read Users.........................................................................................................................94   4.5.5.   Virtual System Read Only Users..........................................................................................................................94   4.6.   Firewall Logs...............................................................................................................................................................94   4.6.1.   Self Log.....................................................................................................................................................................95   4.6.2.   Event Log.................................................................................................................................................................95   4.6.3.   Traffic Log................................................................................................................................................................98   4.7.   Counters......................................................................................................................................................................98   4.7.1.   Flow Counters..........................................................................................................................................................98   4.7.2.   Screen Counters.....................................................................................................................................................99   4.7.3.   Hardware Counters...............................................................................................................................................100   4.7.4.   Policy Counters.....................................................................................................................................................101   4.8.   SYSLOG....................................................................................................................................................................101   4.9.   SNMP 102   4.10.   Traffic Alarms............................................................................................................................................................104   4.11.   Review Questions....................................................................................................................................................105   4.11.1.   Review Answers....................................................................................................................................................108   5.   Troubleshooting Traffic Flows..............................................................................................................................110   5.1.   Debugging.................................................................................................................................................................110   5.1.1.   The Debug Buffer..................................................................................................................................................110   5.2.   Snoop 111   5.2.1.    Activating Snoop...................................................................................................................................................111   5.2.2.   Filtering with Snoop..............................................................................................................................................111   5.2.3.   Snoop Output.........................................................................................................................................................113   5.3.   Flow Filters................................................................................................................................................................114   5.3.1.   Using Flow Filters..................................................................................................................................................115   5.3.2.   Flow Filter Output..................................................................................................................................................117   5.4.   Session Information.................................................................................................................................................121   5.5.   Review Questions....................................................................................................................................................122   5.5.1.   Review Answers....................................................................................................................................................128   6.   Traffic Management..................................................................................................................................................132   6.1.   Interface Bandwidth.................................................................................................................................................132   6.2.   Policies and Bandwidth Management..................................................................................................................132   6.2.1.   Priority Queuing.....................................................................................................................................................133   6.2.2.   Guaranteed Bandwidth........................................................................................................................................134   6.2.3.   Maximum Bandwidth............................................................................................................................................134   6.2.4.   DSCP 135  
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks