
Video 2

Earlier firewalls filtered traffic based on IP address and layer 4 protocol and port numbers (TCP, UDP),
and also provided stateful filtering.
URL Filtering : We can block harmful and malicious websites using URL filtering based on URL
categories.
Threat prevention & antivirus : Inspects packet content for malware, for example in downloaded
software or files.
Application awareness : Deep packet inspection; checks the header and payload of the packets.
User ID : We can filter traffic based on user name, not just IP address.

Video 3

Management concepts
*******************
1> Serial console : default user ID and password are both "admin"
2> Mgmt port : Default IP address : 192.168.1.1 ; we can connect using either SSH or HTTPS

Video 4

Basic configuration
****************
Log in to the device via the mgmt port or console, as admin / admin.

Two types of configuration :

Candidate config
Running config [after commit]
show interface management : CLI command to verify the configuration
Device -> setup -> management interface
By default, ping, SSH and HTTPS are allowed on the mgmt interface.
We can also define the permitted IP addresses that may access the firewall through the mgmt interface.
Service route : which IP address the firewall uses as the source when reaching services on the internet
such as DNS, NTP and dynamic updates. By default it uses the mgmt interface as the source.

Video 5

Updating the firewall software
*************************
Device -> software -> list of software versions we currently have
Click on "check now" to get the latest version available

7.1.X
*****
7 : Major version
1 : Minor version
X : Maintenance release.

Device > Setup > Operations > Save Named Configuration Snapshot
Device > Setup > Operations > Export Named configuration Snapshot
Suspend the standby device from cluster
GUI
Suspend the active firewall : Select Device > High Availability > Operational Commands and click the
Suspend local device link.
CLI
> request high-availability state suspend
Update the dynamic updates [threat prevention & antivirus, WildFire], because the OS upgrade can
require a minimum version of them.
Before upgrading, we should make sure the base version is downloaded on the machine:
7.1.10 to 8.0.10 = base version 8.0.1.
Download the OS software, install it and reload the device.
Note : preemptive should be disabled; disable TCP-Reject-Non-SYN so that sessions can fail over even
when they are not in sync.

If the device is still in suspended state, make it functional again:
CLI > request high-availability state functional
GUI : Go to Device > High Availability > Operational Commands > Make Local Device Functional

Video 6

TAP Interface
***********
The best use of a tap interface is:
-> Before creating a policy, we can first understand what kind
of traffic is going through the network and whether it is malicious or not.

To do that, we configure a tap interface and connect it to the network switch.
We also have to configure SPAN (port mirroring) on the Cisco switch to send a copy of the traffic
to the firewall's tap interface.

Video 7

Virtual wire interface
******************
We can place the firewall in production with all security policies configured,
without configuring IP addresses on the interfaces. This is also called bump
in the wire; in Cisco, the equivalent is the transparent firewall.

Configuration
-------------------
Take any two interfaces and convert them to the virtual wire type.
Then create a virtual wire object and reference those
virtual wire interfaces there,
so that the virtual wire object is associated with both interfaces.

Commit options
---------------------
1> Commit all changes
2> Commit changes made by admin [we can choose admin name here]
We can also preview the changes by his number. Here it will show the running & candidate configuration.
-> Preview change
-> change summary
-> Validate commit.

Video 11

A virtual router is like a VRF; it is useful if we want to route traffic from two identical subnets, and it is mostly used by ISPs.

Video 18

Session End Reason (session_end_reason)
***********************************
1> Threat : The firewall detected a threat associated with a reset, drop, or block (IP address) action.
2> Policy-deny : The session matched a security rule with a deny or drop action.
3> tcp-rst-from-client : The client sent a TCP reset to the server.
4> tcp-rst-from-server : The server sent a TCP reset to the client.
5> tcp-fin : One host or both hosts in the connection sent a TCP FIN message to close the session.
6> tcp-reuse : A session is reused and the firewall closes the previous session.
7> aged-out : Occurs when a session closes due to aging out.
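
One way to use these values when reviewing traffic logs, as an added example that is not part of the original notes: it groups the seven end reasons listed above by who closed the session and lists the source addresses whose sessions the firewall itself stopped. The CSV column layout, the group names and the sample records are assumptions constructed for this example, not the firewall's real log export format.

```python
import csv
from collections import Counter, defaultdict

# End reasons from the list above, grouped by who closed the session.
GROUPS = {
    "enforced": {"threat", "policy-deny"},      # firewall stopped the session
    "endpoint": {"tcp-rst-from-client", "tcp-rst-from-server", "tcp-fin"},
    "housekeeping": {"tcp-reuse", "aged-out"},  # firewall session-table cleanup
}

# Constructed sample data. The column layout is an assumption made for this
# example; it is not the firewall's real log export format.
SAMPLE_LOG = """\
src,dst,app,session_end_reason
10.1.1.20,203.0.113.5,web-browsing,tcp-fin
10.1.1.20,203.0.113.5,ssl,aged-out
10.1.1.31,198.51.100.7,web-browsing,threat
10.1.1.31,198.51.100.9,unknown-tcp,policy-deny
10.1.1.31,198.51.100.9,unknown-tcp,policy-deny
10.1.1.44,203.0.113.8,ssh,tcp-rst-from-server
10.1.1.44,203.0.113.8,ssl,tcp-reuse
10.1.1.52,203.0.113.9,dns,Policy-deny
10.1.1.60,203.0.113.9,dns,n/a
"""

def classify(reason):
    """Map one session_end_reason value to a group; unlisted values stay visible."""
    value = reason.strip().lower()
    for group, members in GROUPS.items():
        if value in members:
            return group
    return "not-listed"

def summarize(log_text):
    """Return (sessions per group, enforced end reasons per source address)."""
    totals = Counter()
    enforced_by_src = defaultdict(Counter)
    for row in csv.DictReader(log_text.splitlines()):
        reason = row["session_end_reason"].strip().lower()
        group = classify(reason)
        totals[group] += 1
        if group == "enforced":
            enforced_by_src[row["src"]][reason] += 1
    return dict(totals), {src: dict(c) for src, c in enforced_by_src.items()}

def sources_to_review(log_text, threshold=2):
    """Sources with at least `threshold` sessions ended by threat or policy-deny."""
    _, by_src = summarize(log_text)
    return sorted(s for s, c in by_src.items() if sum(c.values()) >= threshold)
```
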

Video 19

Policy destination part
*******************
Post-NAT zone
Pre-NAT address

Zone protection profile
********************
Network -> Zone protection -> create Zone protection profile by clicking on ADD

Interface management profile
*************************
By default we can only connect to the firewall via the mgmt port;
other ports block HTTPS, SSH, ping etc.

Network -> interface management -> Add

We can also define permitted IP addresses here.

Configuration management
*************************
Every time we commit, a version of the config is stored on the firewall.
We can also save the candidate config and enforce it after some days.
We can also give the candidate config a name.

It will revert any changes in candidate config .

Another option to revert is :

Go to : Device -> Setup -> Operations ->
It will do the same thing as the revert config option: it will revert any changes in the candidate config.
If you haven't made any changes, the "commit" option won't be available.

Now we have created one object and saved the changes.

It will save the configuration to a snapshot file on the firewall.

There are two ways to save the configuration:
1> Save named configuration snapshot.
2> Save the candidate configuration
To restore, we can use "Load named configuration snapshot".

We can also revert according to the configuration revision number.

Device -> setup -> operation
Loading configuration version

The most recent is at the top, which is revision number 126.
