Cisco ASA Firewall Interview Questions and Answers – 2022

In this article, we will discuss Cisco ASA Firewall interview questions and answers. If you are preparing for a networking job, I recommend going through all of the questions and answers below. Let’s start!


Cisco ASA Firewall Interview Questions and Answers

What is a firewall?

A firewall is a network security device that is placed between trusted and untrusted networks. Firewalls allow traffic based on configured Access Control Lists. A firewall can be a hardware appliance or a virtual machine running in a private or public cloud.

What do you mean by stateful inspection?

In stateful inspection, the firewall creates a state/connection table in which it maintains information about active sessions. The firewall checks the connection table before the Access Control Lists when deciding whether to allow traffic. Generally, a firewall keeps the following in the state/connection table:

  • Source IP Address
  • Destination IP Address
  • Protocol, i.e., TCP/UDP
  • Port Numbers, TCP Flags
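
The lookup order described above, as a simplified Python model. This is an added example, not code from the original article or from Cisco; the class, the ACL tuple format and the addresses are constructed for illustration, and session timeouts and FIN handling are left out.

```python
from ipaddress import ip_address, ip_network

# Constructed ACL entries: (action, protocol, source net, destination net, destination port)
ACL = [("permit", "tcp", ip_network("10.0.0.0/24"), ip_network("0.0.0.0/0"), 443)]

class StatefulFirewall:
    def __init__(self, acl):
        self.acl = acl
        self.conns = {}  # initiator's 5-tuple -> TCP state

    def _acl_permits(self, proto, src, dst, dport):
        for action, a_proto, a_src, a_dst, a_port in self.acl:
            if (proto == a_proto and ip_address(src) in a_src
                    and ip_address(dst) in a_dst and dport == a_port):
                return action == "permit"
        return False  # implicit deny at the end of the ACL

    def process(self, proto, src, sport, dst, dport, flags=()):
        flags = frozenset(flags)
        fwd = (proto, src, sport, dst, dport)
        rev = (proto, dst, dport, src, sport)
        # 1. The connection table is consulted first, in either direction.
        key = fwd if fwd in self.conns else rev if rev in self.conns else None
        if key is not None:
            state = self.conns[key]
            if "RST" in flags:
                del self.conns[key]  # session torn down
            elif state == "SYN_SENT":
                # Only the responder's SYN+ACK completes the handshake.
                if key == rev and flags == {"SYN", "ACK"}:
                    self.conns[key] = "ESTABLISHED"
                elif not (key == fwd and flags == {"SYN"}):  # SYN retransmit is fine
                    return "drop (bad handshake)"
            return "allow (state table)"
        # 2. No session: a TCP packet must be a bare SYN to reach the ACL at all.
        if proto == "tcp" and flags != {"SYN"}:
            return "drop (no session)"
        # 3. ACL decides whether a new session may be created.
        if self._acl_permits(proto, src, dst, dport):
            self.conns[fwd] = "SYN_SENT" if proto == "tcp" else "ESTABLISHED"
            return "allow (ACL, session created)"
        return "drop (ACL)"

if __name__ == "__main__":
    fw = StatefulFirewall(ACL)
    print(fw.process("tcp", "10.0.0.5", 50000, "203.0.113.10", 443, {"SYN"}))
    print(fw.process("tcp", "203.0.113.10", 443, "10.0.0.5", 50000, {"SYN", "ACK"}))
    print(fw.process("tcp", "203.0.113.10", 443, "10.0.0.9", 50001, {"SYN", "ACK"}))
```

The reply from the server is allowed even though no ACL entry permits outside-to-inside traffic, because it matches the session the inside host created; the same SYN+ACK aimed at a host with no session is dropped before the ACL is consulted.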

What do you mean by security level in Cisco ASA?

A security level is a number from 0 to 100. A higher security level means higher trust, and a lower security level means lower trust, in that particular zone.

Does the Cisco ASA allow the traffic between the same security levels?

By default, the Cisco ASA blocks traffic between interfaces with the same security level. You can use the command below to allow traffic between the same security levels:

IPTrainer(config)# same-security-traffic permit inter-interface

At which layers of the OSI model does a firewall work?

Firewalls work on OSI Layer 3 to Layer 7.

Which routing protocols are supported by Cisco ASA?

Cisco ASA supports RIP, OSPF, EIGRP, and BGP.

What do you mean by failover in Cisco ASA?

Failover is a Cisco proprietary feature that provides redundancy. We can configure High Availability between two identical Cisco ASA firewalls. This requires a dedicated failover link. The firewalls monitor the physical links and heartbeats to trigger a failover.

What are the failover types in Cisco ASA?

  • Active/Standby failover
  • Active/Active failover

How will you configure a default route on a Cisco ASA Firewall?

A default route can be configured using the CLI or ASDM. You can use the command below to configure a default route on a Cisco ASA Firewall:

IPTrainer(config)# route outside 0 0 <next-hop-ip>

How will you configure a static route on a Cisco ASA Firewall using the CLI?

IPTrainer(config)# route outside <destination-network> <subnet-mask> <next-hop-ip>

What is a transparent firewall?

Transparent mode is a special firewall mode in which the firewall acts as a Layer 2 device. We can control traffic using the same Access-Lists configured in Layer 3 mode.

What are the two modes of Cisco ASA Firewall?

  • Transparent mode
  • Routed mode

How can you check the current mode configured on the firewall using the CLI?

IPTrainer# show firewall

How can you convert the firewall to transparent mode using the CLI?

IPTrainer(config)# firewall transparent

Is it possible to block HTTPS traffic on a Cisco ASA Firewall?

We can block HTTPS traffic using ACLs. However, we can’t inspect the HTTPS traffic for needs such as URL filtering.

Summary

In this article, we have discussed important questions that are asked during Cisco ASA firewall interviews. I’ll keep this updated with the latest Cisco ASA firewall questions. I recommend going through all of the questions before going for an interview.

Hope you like this article. Please share this article on social media platforms and show us some love 🙂
