Need help with interview

wrfortiscuewrfortiscue Member Posts: 62 ■■□□□□□□□□
I have an interview for an internal firewall/vpn position. I am helpdesk right now.

This is some of the job desc. How should I go about preparing for this?

Monitors and assists with the Firewall and Intrusion Prevention Systems (IPS) to ensure protection of the CSD network; performs tasks to mitigate network security threats
Provides Tier 2 support for WAN/LAN, Security, Virtual Private Network (VPN), Firewall, and wireless local area networks (WLAN)
Maintains and implements Firewall and network solutions consistent with the goals of the Agency security plan
Confers with network users to resolve system issues
Monitors and maintains VPN connections to external entities; monitors and analyzes FTP connections for external interfaces


I am usually a nervous nancy lol.

Comments

  • scaredoftestsscaredoftests Mod Posts: 2,780 Mod
    Read up on those topics so you aren't nervous. Research the company. Prepare questions for them.
    Never let your fear decide your fate....
  • TrucidoTrucido Member Posts: 250 ■■□□□□□□□□
    I would go on a hunch here and say if you have N+ and S+ you should be set. Just a guess though.
    2017 Certification Goals
    CompTIA A+ [ ] CompTIA Net+ [ ] CompTIA Sec+ [ ] CCENT [ ] ITIL [ ]
  • wrfortiscuewrfortiscue Member Posts: 62 ■■□□□□□□□□
    Trucido wrote: »
    I would go on a hunch here and say if you have N+ and S+ you should be set. Just a guess though.
    like network+/ security+?
  • TechnicalJayTechnicalJay Member Posts: 219 ■■■□□□□□□□
    like network+/ security+?

    Yes that's what he means
  • wrfortiscuewrfortiscue Member Posts: 62 ■■□□□□□□□□
    Yeah I have those, along with a CCNA security. Just need to brush up on it because I don't use these skills in my current job and forgot most lol.
  • KrekenKreken Member Posts: 284
    Here is my advice how to prepare since you don't work with the equipment on daily basis.

    Download and setup GNS3, if you don't have Cisco smartnets for ASA & routers, do a creative googling and look for ASA/router images. For ASA, I would recommend 8.4 image and ASAv 9.6. Keep in mind ASAv limitations like it doesn't support multicontext mode and etc.
    For IOS, look for C7200-ADVENTERPRISEK9-M v.15.2, this is the least buggy with most of the features working on GNS3.

    Once you have that setup, create simple network topologies.
    1. R1---ASA---R2
    Configure ASA using CLI to allow R1 ping R2. Don't forget about routing on R1 & R2.
    2. Same topology as 1, configure ikev1 site to site VPN between R1 and R2. Use loopbacks as source and destination. You will also need to make changes on ASA to make this work.
    3. ASA1---ASA2
    \ /
    switch
    |
    R1
    Configure ASAs in a failover cluster, ASA1 is primary. Up to you if you want to configure stateful failover or not.
    Once you setup a cluster, configure ikev2 site-to-site VPN between ASA and R1.

    If you want, you can also run debugs on ike and ipsec just to see what exactly happens during the tunnel creation. I would also read articles about IKE and IPsec. Know the difference between IKEv1 and v2.

    Configuring Internet Key Exchange Version 2 (IKEv2)* [Support] - Cisco Systems

    4. On any ASA, configure a service policy to inspect FTP and reset connection if delete command is issued.
    Be able to explain the difference between active and passive mode FTP and implication on the firewall.

    Edit: Forgot to add. Know how ASA routes traffic. Read release notes for 9.2.
  • wrfortiscuewrfortiscue Member Posts: 62 ■■□□□□□□□□
    Kreken wrote: »
    Here is my advice how to prepare since you don't work with the equipment on daily basis.

    Download and setup GNS3, if you don't have Cisco smartnets for ASA & routers, do a creative googling and look for ASA/router images. For ASA, I would recommend 8.4 image and ASAv 9.6. Keep in mind ASAv limitations like it doesn't support multicontext mode and etc.
    For IOS, look for C7200-ADVENTERPRISEK9-M v.15.2, this is the least buggy with most of the features working on GNS3.

    Once you have that setup, create simple network topologies.
    1. R1---ASA---R2
    Configure ASA using CLI to allow R1 ping R2. Don't forget about routing on R1 & R2.
    2. Same topology as 1, configure ikev1 site to site VPN between R1 and R2. Use loopbacks as source and destination. You will also need to make changes on ASA to make this work.
    3. ASA1---ASA2
    \ /
    switch
    |
    R1
    Configure ASAs in a failover cluster, ASA1 is primary. Up to you if you want to configure stateful failover or not.
    Once you setup a cluster, configure ikev2 site-to-site VPN between ASA and R1.

    If you want, you can also run debugs on ike and ipsec just to see what exactly happens during the tunnel creating. I would also read articles about IKE and IPsec. Know the difference between IKEv1 and v2.

    Configuring Internet Key Exchange Version 2 (IKEv2)* [Support] - Cisco Systems

    4. On any ASA, configure a service policy to inspect FTP and reset connection if delete command is issued.
    Be able to explain the difference between active and passive mode FTP and implication on the firewall.

    Edit: Forgot to add. Know how ASA routes traffic. Read release notes for 9.2.

    Thanks, I will try to cram this over the weekend. Not sure how much of it I can retain while being nervous lol.
Sign In or Register to comment.