In this article, we will discuss Cisco ASA Firewall questions and answers. If you are preparing for a network job, I recommend you go through all the questions. Let’s start!
Cisco ASA Firewall Interview Questions and Answers
What is a firewall?
A firewall is a network security device that is placed between trusted and untrusted networks. Firewalls allow traffic based on configured Access Control Lists. A firewall can be a hardware appliance or a virtual machine running on a private or public cloud.
What do you mean by stateful inspection?
In stateful inspection, the firewall creates a state/connection table and maintains information about active sessions. It checks the connection table before the Access Control Lists when deciding whether to allow traffic. Generally, a firewall keeps the following in the state/connection table:
- Source IP Address
- Destination IP Address
- Protocol, i.e., TCP/UDP
- Port Numbers, TCP Flags
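The lookup order described above, as an added example that is not part of the original article and is not Cisco's implementation. It is a simplified Python model that goes slightly beyond the text by also using the TCP flags (only a SYN opens a session, an RST removes it); the class, function names, and addresses are constructed for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# flags holds TCP flags as letters, e.g. "S" (SYN), "SA" (SYN-ACK), "A" (ACK), "R" (RST)
Packet = namedtuple("Packet", "src dst proto sport dport flags", defaults=[""])

class StatefulFirewall:
    def __init__(self, acl):
        # acl: ordered (action, src_net, dst_net, proto, dport) rules; first match wins
        self.acl = [(a, ip_network(s), ip_network(d), p, dp) for a, s, d, p, dp in acl]
        self.conns = set()  # connection table keyed on the initiator's 5-tuple

    def _acl_permits(self, p):
        for action, src_net, dst_net, proto, dport in self.acl:
            if (ip_address(p.src) in src_net and ip_address(p.dst) in dst_net
                    and proto == p.proto and dport == p.dport):
                return action == "permit"
        return False  # implicit deny when no rule matches

    def process(self, p):
        fwd = (p.src, p.dst, p.proto, p.sport, p.dport)
        rev = (p.dst, p.src, p.proto, p.dport, p.sport)  # same flow, reply direction
        # 1. Connection table first: packets of a known session never reach the ACL.
        key = fwd if fwd in self.conns else rev if rev in self.conns else None
        if key:
            if p.proto == "tcp" and "R" in p.flags:
                self.conns.discard(key)  # RST tears the session down
            return "allow: existing connection"
        # 2. No state: only a bare SYN may open a TCP session.
        if p.proto == "tcp" and p.flags != "S":
            return "drop: no connection and not a SYN"
        # 3. New flow: consult the ACL and create state only on a permit.
        if self._acl_permits(p):
            self.conns.add(fwd)
            return "allow: ACL permit, connection created"
        return "drop: ACL deny"

def demo():
    # Constructed sample: inside 10.0.0.0/24 may reach HTTPS anywhere; nothing else is permitted.
    fw = StatefulFirewall([("permit", "10.0.0.0/24", "0.0.0.0/0", "tcp", 443)])
    packets = [
        Packet("10.0.0.5", "198.51.100.7", "tcp", 40000, 443, "S"),   # outbound SYN
        Packet("198.51.100.7", "10.0.0.5", "tcp", 443, 40000, "SA"),  # reply, no ACL rule needed
        Packet("198.51.100.7", "10.0.0.5", "tcp", 443, 40001, "SA"),  # SYN-ACK with no session
        Packet("198.51.100.7", "10.0.0.5", "tcp", 55555, 22, "S"),    # unsolicited inbound SYN
    ]
    return [fw.process(p) for p in packets]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The second packet is allowed even though no ACL rule permits traffic from 198.51.100.7, because it matches the reverse direction of a session already in the table.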
What do you mean by security level in Cisco ASA?
A security level is a number between 0 and 100. A higher security level means higher trust in that particular zone, and a lower security level means lower trust.
Does the Cisco ASA allow the traffic between the same security levels?
By default, the Cisco ASA blocks traffic between interfaces with the same security level. You can use the command below to allow traffic between the same security levels:
FirewallBuddy(config)# same-security-traffic permit inter-interface
At which layers of the OSI model does a firewall work?
Firewalls work at OSI Layer 3 to Layer 7.
Which routing protocols are supported by Cisco ASA?
Cisco ASA supports RIP, OSPF, EIGRP, and BGP.
What do you mean by failover in Cisco ASA?
Failover is a Cisco proprietary feature that provides redundancy. We can configure high availability between two identical Cisco ASA firewalls. Here, we are required to configure a dedicated failover link. The firewalls monitor the physical links and heartbeat to trigger a failover.
What are the failover types in Cisco ASA?
- Active/Standby failover
- Active/Active failover
How will you configure a default route on the Cisco ASA Firewall?
A default route can be configured using the CLI or ASDM. You can use the command below to configure a default route on the Cisco ASA Firewall:
FirewallBuddy(config)# route outside 0 0 <next-hop-ip>
How will you configure a static route on the Cisco ASA Firewall using CLI?
FirewallBuddy(config)# route outside <destination-network> <subnet-mask> <next-hop-ip>
What is a transparent firewall?
A transparent firewall acts as a Layer 2 device. We can control traffic using the same access lists configured in Layer 3 mode.
What are the two modes of Cisco ASA Firewall?
- Transparent mode
- Routed mode
How can you check the current mode configured on the Firewall using CLI?
FirewallBuddy# show firewall
How can you convert firewall mode to transparent mode using CLI?
FirewallBuddy(config)# firewall transparent
Is it possible to block HTTPS traffic on the Cisco ASA Firewall?
We can block HTTPS traffic using ACLs. However, we can’t inspect the contents of HTTPS traffic for requirements such as SSL decryption.
How can you manage the Cisco ASA devices?
Cisco ASA can be managed from the command line or via ASDM.
Summary
In this article, we have discussed different questions related to the Cisco ASA firewall interview. I’ll keep this updated with the latest Cisco ASA Firewall questions. I recommend you read the questions before going for an interview.