Network Settings (routing, interfaces, etc) Flashcards

1
Q

Which sections are covered in this deck?

A

Network routing modes
DNS
Interface types and aliases
Network bridges
Secondary networks
VLANs
Multi-WAN
SD-WAN
Static routing
Dynamic NAT
Static NAT
1-to-1 NAT
Traffic management

2
Q

You can configure Network settings in three modes - what are they?

A

Mixed Routing - the only mode that allows you to use ALL Firebox features
Drop-In - some features disabled
Bridge Mode - some features disabled, and does not allow VPN configuration

3
Q

The Firebox starts in what Routing configuration? (Hint: it’s the most commonly used.)

A

Mixed Routing mode

NOTE: The Web Setup Wizard (WSW) automatically starts in Mixed Routing mode, while the Quick Setup Wizard in WatchGuard System Manager (WSM) can be configured in either Mixed Routing or Drop-In mode.

4
Q

In Drop-In mode, you can but do not need to have NAT, and all Firebox interfaces…

A

…have the same IP address.

5
Q

In Bridge mode, layer 2 and layer 3 data is not handled so you cannot configure…

A

…NAT, VLANs, or routing. But you can configure ONE interface to manage the Firebox.

6
Q

One of the basic functions of a firewall is to…

A

…move packets from one side of the firewall to the other. (This is Routing.)

7
Q

Firewall interfaces are of four types:

A

Any-External — An alias for any network reachable through a Firebox interface configured as external
Any-Trusted — An alias for any network reachable through a Firebox interface configured as trusted
Any-Optional — An alias for any network reachable through a Firebox interface configured as optional
Any — An alias for any address. This includes any IP address, interface, custom interface, tunnel, or user group.

8
Q

External Firebox interfaces can be configured to handle…

A

Dynamic DNS and IP fetched from external DHCP server or Point-to-Point Protocol over Ethernet (PPPoE) server, and Static IP

9
Q

The External interface has what alias and default route?

A

The External interface is a member of the Any-External alias, and the default route is called “Zero Route” and corresponds to 0.0.0.0/0.

10
Q

Trusted interface alias is called what, and what connects to it?

A

Any-Trusted, and connects to the private LAN or internal resources you want to protect.

11
Q

Optional interface connects to…

A

…mixed trust or DMZ networks, public web, FTP, or mail servers. This is aliased to Any-Optional.

12
Q

The Custom interface is designated with the alias Any, and is used for…

A

…any connections that are not members of the other three types, and for which traffic is blocked except as specific policies allow.

13
Q

Most users configure at least one of these two interfaces:

A

Trusted and External

14
Q

Internal interfaces must be STATIC, and conform to:

A

RFC 1918 and RFC 8190 [memorization]

15
Q

Syntax for configuring internal network IPv4 addresses is:

A

Slash notation (network range 192.168.0.0 with subnet mask 255.255.255.0 would be defined on Firebox as 192.168.0.0/24)

16
Q

The Firebox is usually assigned as DHCP, but it can also be configured as…

A

…a DHCP Relay, which enables DHCP to be run from a device on a different network and relays it to devices on Trusted, Optional, or Custom interfaces.