S80 - XG Firewall v18.0 - Technician: No Firewall Rule Was Matched


S80 - XG Firewall v18.0 - Technician

1. Which hypervisors have a network adapter that is supported by FastPath? ESX


2. When you are troubleshooting a firewall rule and see the log_component is
“Appliance Access”, what does this mean? No firewall rule was matched
3. TRUE or FALSE: DNAT rules will take precedence over device access. – true
4. TRUE or FALSE: The TLS decryption limit can be adjusted via the Console. – false
5. When creating a firewall rule to allow traffic that matches a DNAT rule, what
destination IP should be used? preNAT
6. You have lost the password for the admin account. You have physical access to the XG
Firewall, what do you type at the password prompt? RESET
7. Where would you perform an Ethernet card test? In SF Loader
8. In which phase of the troubleshooting do you confirm the steps required to reproduce
the error or symptom? Define the issue
9. Both devices in an active-passive high availability pair become the primary device.
What is the most likely cause? There is a problem with the dedicated HA port or cable
10. By default, which type of route has the highest precedence? Static route
11. What issue is shown in this log extract from strongswan.log?

Mismatching pre-shared keys


12. What issue is shown in this log extract from the strongswan.log?

Incorrect ID

This study source was downloaded by 100000844025221 from CourseHero.com on 03-22-2022 16:47:12 GMT -05:00

https://www.coursehero.com/file/121786561/firewall-180-tecpdf/
13. What issue is shown in this log extract from csc.log?

Provisioning server cannot be reached on port 3400


14. Where do you configure split tunnelling for Sophos Connect?
Sophos Connect Admin
15. What issue is shown in this log extract from strongswan.log?

Mismatching policy
16. What is the default SSL VPN port? 8443

17. What can this PowerShell command be used for?


Get-WMIObject win32_ntdomain -computername <HOSTNAME>
Check which domain controller a computer used to logon to the domain
18. In which 2 places does the captive portal need to be enabled? Firewall Rule, Device
Access
19. Enter the port that the Collector sends logon events to the XG Firewall on. 6060
20. Which permissions does the STAS service account need?
Backup Operator, Event log readers, Logon as a service, Local administrator on endpoints
21. Which 2 TCP ports must be open for the Collector to be able to poll computers for
user session information? 445, 135
22. You cannot login with your Active Directory credentials.
In the authentication log you see ‘auth_method=Local’.
Where would you correct this in the WebAdmin?
Authentication > Services

23. In which ipset can you see whether an IP address has been associated with a user?
Enter the name of the ipset. The ipset is Iusers

24. Which of the following are only available when using the web proxy? SafeSearch
Enforcement, Explicit Proxy, Parent Proxy
25. Enter the command to enable debug logging for DPI web scanning, Acceptable
responses: service -ds nosync ips:debugp, service ips:debugp -ds nosync
26. What is the expected maximum duration for resolving a web request by the web
proxy in microseconds? The expected maximum duration for resolving a web request by the web
proxy is 50,000
27. If a URL has no category, what might it show up as in the log? Uncategorized, None

28. What is the most probable cause of this error?


Temporary error while accessing Sophos Central or Sophos Central identity could not be
verified.

29. Which port is used to establish the Security Heartbeat between an endpoint and XG
Firewall?
30. What threat would be reported when malicious outbound traffic is detected by the
endpoint?

31. Where do you confirm the users and groups for web server authentication?
Authentication Policy,

32. You need to skip a threat filter rule, where would you enter the ID? Protection Policy

33. You have identified a form hardening issue from the reverseproxy.log, where would
you go to resolve this? Firewall Rule

34. A user has clicked on a link from a search engine to a page but access is blocked.
Which feature is most likely to be responsible? Static URL Hardening

35. What mode should the protection policy be set to when refining the configuration so
as to not block access? Monitor

36. Enter the magic IP address that the access point sends traffic to. Acceptable responses:
1.2.3.4

37. Enter the management port used by the access point. Acceptable responses: 2712

38. Which command can be used to check what devices are on the route from the access
point to the magic IP address? tracert 1.2.3.4

39. Enter the tool that can be used to connect to an access point. Acceptable responses: awetool

40. Complete the following command for checking for errors connecting to the Cyren
antispam database. grep “err ..........................................” /log/syslog.log - Acceptable
responses: ctasd

41. Which of the following can you enable and disable quarantine digests for? Group,
User

42. What is the primary log file for email protection in MTA mode? Acceptable responses:
smtpd_main.log

43. What is the URL for the support portal where you can search the knowledgebase and
raise a ticket? https:// - Acceptable responses: support.sophos.com

44. What partition is the reporting data stored on? Acceptable responses: var, /var

45. What CONSOLE command can you use to check the disk utilization? system
diagnostics show disk

46.
