The following are network firewall interview questions and answers of the kind asked in a cyber security job interview. We explain the questions on packet filtering firewalls with a real-world example. The questions are based on the scenario below.
A web server is placed behind a packet filtering firewall, and the firewall is configured to allow only HTTPS traffic to the server.
What happens when an encrypted SSL/TLS packet arrives at the firewall with the destination IP address of the server?
The firewall inspects the packet headers, not the payload: it checks the destination IP address and the destination port. HTTPS runs over TCP port 443, so the packet matches the rule allowing HTTPS and is forwarded through the firewall to the server. The name SSL survives in common usage, but modern HTTPS uses TLS; the packet filter does not care which, since it never looks past the TCP header.
Can the firewall decrypt the packet and look into its contents?
No. Only the web server (and the client) can decrypt it, because the session keys are derived between the client and the server during the handshake and the firewall is not a party to it. A packet filter sees only the IP and TCP headers and opaque ciphertext. Decrypting would require a TLS-intercepting proxy that terminates the connection with a certificate the clients trust, which is a different device from the packet filter in this scenario.
A network administrator initiates a connection to an FTP server on the outside network from the inside network. Would he be allowed access?
Yes. The control connection to TCP port 21 is outbound, and there is no outbound rule blocking FTP; the inside network is trusted and outbound traffic is permitted by default. One caveat worth raising in the interview: in active-mode FTP the server opens the data connection back to the client, and that inbound connection is not HTTPS, so a stateless packet filter drops it. Passive-mode FTP, where the client initiates the data connection outbound as well, works through this firewall.
A user pings the server from the outside network. What happens to the ping packet? Will it reach the server?
The packet does not reach the server. Ping uses ICMP, not TCP port 443, so the firewall drops it; only HTTPS traffic is allowed inbound.
Which protocol should you allow on the firewall for ping to the web server to work?
The firewall must allow ICMP, which ping uses: specifically, ICMP echo request (type 8) inbound to the web server's address, and ICMP echo reply (type 0) outbound. Permitting only echo requests to that one host, rather than all ICMP from anywhere, keeps the added exposure small.
An attacker launches a DDoS attack against the FTP service on the web server. Will the server be impacted?
The server is not impacted by the FTP traffic itself, since the firewall allows only HTTPS and drops everything else; the attack packets never reach the server. The caveat is that the firewall drops them only after they have already crossed the upstream link, so a large enough volumetric attack can still saturate that link or the firewall's own capacity and make the web server unreachable even though no attack packet reaches it.
What happens if a network administrator tries to access a website from the web server? Would it be allowed or blocked?
This is allowed, since there is no rule blocking outbound traffic from the server. The inside network is trusted, and all traffic from it to the outside is allowed unless explicitly blocked. In practice many deployments do restrict outbound connections from DMZ servers, precisely so that a compromised server cannot freely reach out to the internet, but in this scenario no such rule exists.
When behind a firewall, can the web server and the LAN be on the same network?
No. The web server should be placed on a separate network from the LAN, the DMZ, so that a compromise of the internet-facing server does not give direct access to internal hosts. The DMZ can be configured on a third physical firewall interface or, on a single physical interface, as a separate VLAN.
The web server is under an SQL injection attack. Can the firewall block it?
No. A packet filter is a network layer firewall: it matches on IP addresses, protocol and port numbers and does not inspect the HTTP request body or query string where the injection payload lives. SQL injection is an application layer attack, and the injected request arrives on TCP port 443 looking exactly like a legitimate request (and encrypted, as noted above). Blocking it requires application layer controls, such as parameterized queries in the application itself or a web application firewall.
You are required to block IP spoofing attacks from the outside network to the inside network, where the packets carry a source address from the inside network's address range. How would you configure it?
Configure an inbound ACL on the firewall's outside interface that drops any packet whose source address falls in the LAN address range. A legitimate packet with an inside source address can only arrive on the inside interface, so one arriving from outside is spoofed. Place this rule before any permit rules, since the firewall processes rules in order and the first match wins.
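The policy from the scenario, run against one packet per question, as an added example that is not part of the original page. It simulates a stateless packet filter in Python; the addresses (LAN 10.0.0.0/24, web server 192.0.2.10, outside hosts 203.0.113.5, 203.0.113.99 and 198.51.100.7, all from documentation ranges) and the rule and function names are assumptions. It covers the HTTPS, outbound FTP, ping, DDoS-on-FTP, server-outbound and anti-spoofing questions above, and goes a step beyond the text in two places: it shows the active-mode FTP data connection being dropped by the default deny, and what happens if the anti-spoofing rule is placed after the HTTPS allow rule.

```python
# Stateless packet-filter simulator for the interview scenario. Added example,
# not code from the original page; all addresses and names are assumptions.
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN = ipaddress.ip_network("10.0.0.0/24")       # assumed inside network
WEB = ipaddress.ip_network("192.0.2.10/32")     # assumed DMZ web server
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter sees: no payload, no session state."""
    direction: str                   # "in" = arrives on the outside interface
    src: str
    dst: str
    proto: str                       # "tcp", "udp" or "icmp"
    dport: Optional[int] = None      # TCP/UDP destination port
    icmp_type: Optional[int] = None  # 8 = echo request, 0 = echo reply


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "drop"
    direction: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: Optional[str] = None      # None matches any protocol
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction
                and ipaddress.ip_address(p.src) in self.src
                and ipaddress.ip_address(p.dst) in self.dst
                and (self.proto is None or p.proto == self.proto)
                and (self.dport is None or p.dport == self.dport)
                and (self.icmp_type is None or p.icmp_type == self.icmp_type))


def filter_packet(rules: list[Rule], p: Packet) -> str:
    """First matching rule wins; a packet that matches nothing is dropped."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "drop"  # implicit default deny


# The scenario's policy: anti-spoofing first, then HTTPS in, then anything out.
BASE_RULES = [
    Rule("drop", "in", LAN, ANY, comment="anti-spoofing: LAN source from outside"),
    Rule("allow", "in", ANY, WEB, proto="tcp", dport=443, comment="HTTPS to web"),
    Rule("allow", "out", ANY, ANY, comment="trusted side may initiate anything"),
]

# The extra rule the ping question asks for: echo request to the web server only.
PING_RULE = Rule("allow", "in", ANY, WEB, proto="icmp", icmp_type=8,
                 comment="ping to web server")

# Constructed test traffic, one packet per interview question.
TRAFFIC = {
    "https_from_outside":   Packet("in", "203.0.113.5", "192.0.2.10", "tcp", dport=443),
    "ftp_control_outbound": Packet("out", "10.0.0.20", "198.51.100.7", "tcp", dport=21),
    "ftp_active_data_in":   Packet("in", "198.51.100.7", "10.0.0.20", "tcp", dport=49152),
    "ping_from_outside":    Packet("in", "203.0.113.5", "192.0.2.10", "icmp", icmp_type=8),
    "ddos_on_ftp_port":     Packet("in", "203.0.113.99", "192.0.2.10", "tcp", dport=21),
    "web_server_outbound":  Packet("out", "192.0.2.10", "198.51.100.7", "tcp", dport=443),
    "spoofed_lan_source":   Packet("in", "10.0.0.50", "192.0.2.10", "tcp", dport=443),
}


def decide_all(rules: list[Rule]) -> dict[str, str]:
    """Verdict for every constructed packet under the given rule list."""
    return {name: filter_packet(rules, p) for name, p in TRAFFIC.items()}


def with_ping_allowed() -> dict[str, str]:
    """Same policy with the ICMP echo-request rule added in front."""
    return decide_all([PING_RULE] + BASE_RULES)


def with_antispoof_last() -> str:
    """Rule order matters: moving the anti-spoofing drop after the HTTPS
    allow lets a spoofed packet to port 443 through."""
    reordered = BASE_RULES[1:] + BASE_RULES[:1]
    return filter_packet(reordered, TRAFFIC["spoofed_lan_source"])


if __name__ == "__main__":
    for name, verdict in decide_all(BASE_RULES).items():
        print(f"{name:22s} {verdict}")
    print("ping with ICMP rule:   ", with_ping_allowed()["ping_from_outside"])
    print("spoofed, wrong order:  ", with_antispoof_last())
```

Run as-is, the HTTPS packet, the outbound FTP control connection and the web server's own outbound request are allowed; the inbound ping, the flood aimed at port 21, the active-mode FTP data connection and the spoofed LAN-source packet all fall to the drop rules or the default deny. Adding PING_RULE flips only the ping verdict, and the reordered list shows why the anti-spoofing ACL has to sit above the permit rules.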