
CBT Nuggets 70-293 error!

Hey,

So I am watching a CBT Nuggets video for the 70-293 titled "RRAS Authentication + Policies". Towards the end of the video, the instructor creates an inbound filter for a Remote Access Policy to block HTTPS traffic. He creates one filter. In this filter, he configures the source port to be 443 and the destination port to be 443.

My question is: didn't he configure this filter incorrectly? HTTPS traffic is either source port 443 or destination port 443. The source and destination ports for TCP traffic are rarely the same. Shouldn't he have created 2 filters, the first filter with source port 443, and the second filter with destination port 443? The source and destination ports have to match the filter for it to take action, right?

In addition to this first error, he states that creating an inbound filter to allow port 21 for a public interface under the NAT/Basic firewall section in RRAS is the same thing as checking FTP Server under the Services and Ports tab. He says, "it's just an easier way in case you don't know what port FTP runs on."

I thought that an inbound filter is like a firewall access rule, and the Services and Ports tab lists NAT policy translations. Allowing the port in, versus translating layer 3 and layer 4 headers is different, right?

Anyways, c'mon network dudes out there. Back me up on these 2 networking errors that the instructor made.

Thanks
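
Added example, not part of the original post or the CBT Nuggets video: a small Python model of the filter logic the question asks about. It assumes a filter matches only when every field it specifies matches, and that a packet is dropped when any filter in the set matches; `Packet`, `Filter` and the sample port numbers are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Filter:
    proto: str
    src_port: Optional[int] = None  # None means "any port"
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # Assumed semantics: all specified fields must match (logical AND).
        return (p.proto == self.proto
                and self.src_port in (None, p.src_port)
                and self.dst_port in (None, p.dst_port))

def blocked(filters, p: Packet) -> bool:
    """Drop the packet if any single filter in the set matches it."""
    return any(f.matches(p) for f in filters)

# Constructed sample traffic: HTTPS clients use an ephemeral source port.
SAMPLES = {
    "client->server": Packet("tcp", 51514, 443),
    "server->client": Packet("tcp", 443, 51514),
    "both 443":       Packet("tcp", 443, 443),
    "plain http":     Packet("tcp", 51515, 80),
}

# The single filter described in the post: source 443 AND destination 443.
ONE_FILTER = [Filter("tcp", src_port=443, dst_port=443)]
# The two-filter alternative the post proposes: source 443 OR destination 443.
TWO_FILTERS = [Filter("tcp", src_port=443), Filter("tcp", dst_port=443)]

def report(filters):
    """Return {sample name: True if dropped} for the given filter set."""
    return {name: blocked(filters, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for label, fs in (("one filter", ONE_FILTER), ("two filters", TWO_FILTERS)):
        print(label, report(fs))
```
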

Comments

  • Mishra Member Posts: 2,468
    _maurice wrote:

    In addition to this first error, he states that creating an inbound filter to allow port 21 for a public interface under the NAT/Basic firewall section in RRAS is the same thing as checking FTP Server under the Services and Ports tab. He says, "it's just an easier way in case you don't know what port FTP runs on."

    I thought that an inbound filter is like a firewall access rule, and the Services and Ports tab lists NAT policy translations. Allowing the port in, versus translating layer 3 and layer 4 headers is different, right?

    Anyways, c'mon network dudes out there. Back me up on these 2 networking errors that the instructor made.

    Thanks

    I still think he is trying to say that if you add a rule and allow it then you can just check in your RRAS configuration which ports you have ready to go or not. It also allows you to flip on and off services as you like.

    Yes, the inbound filters act like an access rule, but if you just allow the port to come through then nothing really changes. So I'm confused on what you are wondering.
    My blog http://www.calegp.com

    You may learn something!