Cisco CCNP Security 300-710 SNCF – Cisco NGFW Firepower Threat Defense (FTD) Part 9

  • January 23, 2023

45. Lecture-45: Configure and Verify Pre-Filtering Policy in FTD Lab.

We will do the prefilter policy lab. We will use the same topology here: FTD inside is 1.254, outside is 114.254. There is a default route to send everything to 114.1, and we have two external servers for test purposes, 114.250 and 114.251. Management of FTD is 100.200. Management of FMC is 100.210. FTD is already registered with FMC. We have internet and three different systems, Docker, Linux and Windows, 1.1, 1.2 and 1.3, for test purposes. The password is admin and ABC at the rate ABC one for FMC, and for FTD we don’t need it, but if you need it, ABC at the rate 12345. So this is the topology which we will use, and this setup is already there. What we will do: we will create three prefilter policies to test all three actions. With the first action I will allow the ping, ICMP. Okay, I will bypass this one, which is called fastpath. Fastpath means don’t check anything and just send it directly. We will enable this rule and we will select the ICMP port number, because this policy is only by source, destination and source/destination port number, like an ACL. So here I will put ICMP, I will fastpath ICMP, and I will enable logs to test it and to see. Okay, so ICMP is fastpath. For the second rule, I will create Telnet. So for Telnet, what I will do is block Telnet straight away. The second rule will be this one, and we will enable logs.

The third rule which I will create is SSH. For SSH I will do Analyze. I just want to see whether it will use the Snort engine or not. I know this rule will not use the Snort engine, it will be blocked straight away, and I know this one will not use the Snort engine, it will bypass everything. And the third rule, which is SSH, will use the Snort engine, because this time I say action Analyze. Analyze means follow the path, follow the default method and everything. Okay, and these are the three rules which we will create. And then we will attach this policy to the access control policy, because I told you every policy has to be integrated into the access control policy. And then we will deploy, and then there is a testing part. So let’s do it. Go to Policies, Prefilter policy. Okay, we just created this one, just edit it. Okay, there is no rule, let’s create a rule. So we just need three rules, and three actions are there. So this is the SSH rule, Analyze. Okay? And we choose Analyze, before or after, and it’s going from inside to outside. Network can be anything, we don’t care, if you want, put any to any. And port number: let’s check, maybe SSH is there. Yeah, so it’s there, and add it to destination. If the destination is SSH, analyze it, it will be checked properly, and Add. Okay, one rule. Second rule: let’s create another rule, and this time I say Telnet, block. Let’s choose Block, from inside to outside, and port number. So, Telnet, let’s see if Telnet is there or not. Yeah, so it’s there, and choose destination. Okay, I believe I did not enable logs for the first one. So let’s enable logs as well, so we can see the logs. So let me go to SSH and enable logs. I forgot to enable logs. Very important, so that we can verify. Okay, let’s say no.

So they will check automatically. Okay, the logs, it will go there and the access control policy will take action. Okay? Yes. And now the third rule is ICMP, which will be the third action. Okay, so ICMP. ICMP means ping and everything. And this will be fastpath. So, Fastpath. Okay. And inside to outside. And here is the port number. So ICMP, I don’t think it’s here. Yeah, it’s not here. It’s okay. So you can type here: go to protocol, and ICMP should be there. Choose from here, any type, and Add. So ICMP is here, and let’s go to logs and enable logs and Add. Done. So there are three rules with three different actions, so that we can test all three actions. Okay? Save, done. Now we need to go to the main policy, the access control policy, and we need to attach this prefilter policy here. But where? Here it is: the prefilter policy is the default one by default. When you click here, you can choose your own one. Here is our prefilter policy. Or you can go to Advanced in the access control policy, and it should be there: this is SSL, this is prefilter policy. You can click here and you can choose. So it’s up to you: either go to Advanced or attach directly from there. Okay, so now this policy is attached, our prefilter is applied. You can check from here, it’s showing you the same thing. So it’s up to you, from here or here. It’s attached now to our access control policy, and let’s deploy. So let’s deploy to push it. Yeah. And now let’s see how we can verify. So, first I will do Telnet to my outside server. I have a server here, I believe this one. So let’s see. This one is a router, basically, so let me configure it quickly. This one is a Telnet server. Okay, this one. Okay, it’s a router, but I gave it a server icon. So let’s go to config, hostname external SRV one, and interface FastEthernet zero, IP address 192.168.114.251 and 255.255.255.0, no shutdown. And I need to configure IP route.
And IP route means if you have anything, give it to 192.168.114.254, which is the external. This one. This one, 114.254. Okay, done. Do write, and what else? I need to enable Telnet quickly. So line vty 0 to 4, transport input all, and password is 123, and login. Enable password, it needs an enable password: 123, and do write. That’s it. So our Telnet server is ready.

Okay. And also let me configure SSH as well. So it’s better to do it like line vty 0 to 4, login local, rather than password. We will use username and password. And what I need to do: username admin, privilege 15 and password 123, and crypto key. I need a domain name first. ip domain name test, and crypto key generate rsa modulus 1024, and let’s do ip ssh version 2. So it’s done. SSH is configured as well. So this is an SSH server and also a Telnet server. Let’s check. It’s done. Yeah, it’s complete now. So let’s test. We can go to Windows. We can do that from here. So let’s go to Windows, the inside PC. We can do PuTTY to 192.168.114.251. Okay. And it’s Telnet first, and open it. Okay. It was 251. Yeah. Let me first see if I can ping or not, because we allowed ping as well. 192.168.114.251, so I can ping straight away. And Telnet is blocked. So it’s okay, it’s good. So ping is working, Telnet is blocked, and let’s see SSH now. So 192.168.114.251, and this time SSH. So SSH will work. The first time it will copy the key. Admin, 123, and now I’m in this server. So three things we tested: we tested that ping was working, we tested Telnet, it was blocked, and we tested that SSH is working. But SSH will go through deep packet inspection. Telnet will be blocked straight away without entering the Snort engine. And ping will be bypassed. It will not be checked by the Snort engine. Get my point?

So how can we verify? What can we do? So, what I did: the first thing I tried was Telnet. It was blocked. And we can check from here, from events, but before events we can check from the CLI, show access-list, as well. So it will be deny in show access-list. But there is another thing. So, SSH. Yes, show connection. I forgot the command. I was here, that’s why. So how can we test? If you say show connection long. Show connection long. Okay. And SSH is still there. Okay. So you see SSH traffic. Let me see which one is the SSH one. I’m still connected to SSH. Yeah. Okay. I just want to check show connection detail. By the way, just one minute, Control-L, and show connection, not long. It is better to do it by detail. I just want to show you whether ICMP uses the Snort engine or not, and the other one. So just to see SSH first. SSH, SSH. Where is SSH? How do I check? By the way, show connection long. By connection long. It is show connection. It’s not showing me. By the way, I just want to show you this connection which is created, SSH, and this flag. That’s why I’m here. So let’s see now. The SSH one: I did SSH from 1.3, so it should be this one. Okay, I found it. So let’s go to, here is the flag, this one. And this is SSH. 1.3 is my internal system. And this is the responder, 251. And where is SSH? I just want to show you SSH. Okay. It’s a bit here.

After this one, there is 2212 is here. Other two is here. So I did SSH. So the SSH flag is this one: U x I O N1. So how can I find it? You need to go up. Okay. Because it’s not showing the whole screen. By the way, let me explain it to you from here. So this was the flag. Yeah. This flag means inspected by Snort, the Snort engine. Because for SSH we chose that it should be analyzed. If you go back to DNS policies, we created three policies. That’s the main difference. That’s why I am showing you from here, so that you can understand what the difference is between these three. So for SSH, I chose Analyze. Where is the SSH one? Sorry? DNS. I came to DNS. It should be prefilter. And here is prefilter so far DNS I say analyze. Analyze means normal procedure to follow. Here is Analyze. So for Analyze, what they will do is follow the default policy, and it will be checked by the Snort engine. So that’s why the Snort engine tests it. And it is showing this one flag, this one, and this flagged me this up. By the way, let me see. We can do something. I don’t know if I can take SSH, let me try. If I can do SSH, it will be clear, just one minute. The management IP, I don’t know whether we can do SSH or not, because in the new devices they removed SSH for some reason. But I just want to test if I can reach 200 and admin. No. Otherwise I will show you from here. It will be clear. But anyway, that’s the only way to show you from here. So clear, and show connection long. So the SSH is a different one.

And this means checked by the Snort engine, because this is analyzed. Telnet is blocked straight away, so it will not use the Snort engine. There is no such thing to show you, but you can test from the access list. Show access-list. If you say show access-list, there will be a deny, same like an SFR wall. So it is denied straight away. And I need to search for it. It’s a black screen. I don’t know why I cannot access it. So it should be there. I don’t know how to search for it. It’s very difficult. One access policy is starting here, and it should be the Telnet policy. This is very small and very difficult to understand. Okay, leave it. Let me show you from here, if I have this one. So when you type show access-list, okay, there will be the Telnet rule which we created, and it should be denied straight away, same like an ACL. So this one is done, and we checked this deny by default. SSH was analyzed, so it was checked by the Snort engine. Okay, and what was the third one? ICMP. Let’s try ICMP. The ICMP connection will be cleared quickly, so that’s why I need to do it continuously. So let me ping outside, 192.168.114.251, -t, continuous. Sorry, 114.251. Okay, and let’s clear this one. Clear x slate. Okay, and clear connection, so that I can create a new connection. The previous ones will be washed out. And now let’s see. Show connection long. Let’s see whether there is a flag, the same flag.

No. You see ICMP, 1.3 is going to 251, but you see the flag: there is no flag. Before, with SSH, there was a flag, U x I O N1. And this flag means inspected by Snort. But with ICMP there is no flag. Get me this bypass, I’m sending this traffic. Let me stop this and show you again. So let me stop this one and let me clear the connection and everything, clear connection. And let me do SSH again, so you can see the flag again. Duplicate session. Yes, admin, and 123, and let’s check again. Show connection, now the SSH connection. You see, the flag now is a bit clearer. Where is the flag now? This time it is SSH. This one, this is what I’m interested in, and it’s here, let me show you. Okay, again it’s not showing. It should be here, U. So let’s go to U. Yeah. So U is here. Oh my goodness. Yeah. So U, and then the next one is I O N1. Here is N1, but it’s not showing properly, it is cut off. Where is N1? Yeah, here it is. So N1, inspected by Snort, because there is N1. So Analyze is checked by Snort. And when I do Telnet, sorry, ping, it was not there. So it’s clear from here that yes, it’s going to bypass. And now let’s verify from connection events as well. So if we go to Analysis and Connections, you’re going to find it here as well. What is our IP? I’m using 1.3. So 1.3 has a huge amount of traffic.

So let’s search by 1.3, because so many things are there, so maybe you’re going to get confused. So let me filter by networking, where the initiator IP is 192.168.1.3, my PC, which is PC three, and search. So it will filter, because so many things are there. So let’s see now. Here, you see, Fastpath, Fastpath. They say the action was Fastpath when it is ICMP traffic, and there is a Block when it is Telnet traffic. So we did Telnet, which is blocked straight away, and we did ICMP, fastpath, and the third one was Analyze, SSH. So I need to check SSH, which we did here. It is Allow. And Allow means it will be tested by everything. So it’s clear to you. Last thing, the fastpath. Let’s do another test. Fastpath means to bypass everything. What does it mean, bypass everything? If you use fastpath, the access control policy will not stop you. Okay, let’s check. So, my access control policy. Okay, yeah. I will take your question. Just one minute. So this is Allow All. Let me say deny everything. In the access control policy I’m taking the action: I said deny each and everything, block straight away. Done. I said deny everything. In your case, block. The name is Allow All, but I say Block, and save. Now, if you understand this logic, if I deploy this one, what do you think, will SSH work? Telnet is already blocked. I know Telnet will not work.

Okay, it’s clear. But I have a doubt. You need to tell me whether SSH will work or not, and whether ping will work or not. These two things I need to make clear to you, because we created three different rules. So fastpath says that it will be checked before access control, and in access control I block everything, but my ICMP is fastpath. Do you think it will ping or not? That’s my concern to check. But for SSH, I say Analyze, and Analyze means to be tested by the access control policy, to be tested by Security Intelligence, to be tested by the access control ACL, to be tested by profile policy. So I’m just wondering: before, it was allowed; now I block everything in the access control policy. Now I have a concern whether SSH will work or not, and whether ping will work or not. That’s what I need. So, yes, ping will work, because fastpath means to bypass the ACL as well. Access control policy means ACP. Sorry, in the ACP I say block. So ping will work. But what about SSH? No, SSH will not work. Because SSH is Analyze, which means: come to the access control policy. If they allow you, then go to Security Intelligence. If they allow you, then go on. Then you can reach. But SSH is dropped here, because I said drop everything. So SSH will not work, because it is using the Snort engine and the whole normal path. But fastpath doesn’t care about anything. So ping will still work. So now, see if it is deployed. Now we will come here. So this SSH will not work again. But ping will work, because ping is bypassed. And bypass means to go without any restriction.

So if I say 192.168.114.251 -t, it is working. And after this rule is deployed it will still work, because it’s using fastpath. Why am I telling you again and again? Fastpath we normally require in the real world as well. And also in interviews: I gave a few interviews last week as well, and they asked me the same thing. What is the difference between Fastpath and Analyze in the prefilter policy? So that you can explain to them that Analyze means to follow the path. Okay, so now it’s done. Let’s see. Ping is still working, even though I block in it. Two is working. But SSH will not work if I say duplicate session. No, because it’s blocked by the access control policy. So if I go to Analysis and go to events, this time SSH is blocked by the access control policy. And ping, ping doesn’t care. You see Block going to SSH. They say the access control policy blocked you. But fastpath, look, it is going. I say you are fastpath, you can go without the access control policy. You can do ping. This is the last thing to make clear to you, and I believe there is nothing else. Let me quickly go to, yeah, that’s it. Now I can take your questions.
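The evaluation order this lab verifies, written out as a small model. This is an added example, not Cisco code or FTD configuration: the rule names, the `evaluate` and `lab_matrix` functions, and the single `acp_action` argument (standing in for the lab's one catch-all access control rule) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ICMP, TCP = 1, 6  # IANA protocol numbers


@dataclass(frozen=True)
class PrefilterRule:
    name: str                 # hypothetical rule name
    protocol: int
    dst_port: Optional[int]   # None: any port, or not applicable (ICMP)
    action: str               # "fastpath", "block" or "analyze"


@dataclass(frozen=True)
class Packet:
    protocol: int
    dst_port: Optional[int] = None


# The three rules created in the lab, in the order they were added.
LAB_PREFILTER = [
    PrefilterRule("SSH-Analyze", TCP, 22, "analyze"),
    PrefilterRule("Telnet-Block", TCP, 23, "block"),
    PrefilterRule("ICMP-Fastpath", ICMP, None, "fastpath"),
]


def evaluate(packet, prefilter, acp_action, prefilter_default="analyze"):
    """Return (verdict, decided_by, snort_inspected).

    snort_inspected is True/False where the lab showed it (the N1 flag in
    the connection table) and None where the lab did not show it.
    """
    if acp_action not in ("allow", "block"):
        raise ValueError("acp_action must be 'allow' or 'block'")
    action = prefilter_default
    for rule in prefilter:  # first match wins, like an ACL
        if rule.protocol == packet.protocol and rule.dst_port in (None, packet.dst_port):
            action = rule.action
            break
    if action == "fastpath":
        # Leaves the firewall without access control or Snort inspection.
        return ("allow", "prefilter", False)
    if action == "block":
        # Dropped straight away, never handed to Snort.
        return ("block", "prefilter", False)
    # "analyze": continue along the normal path into the access control policy.
    if acp_action == "block":
        return ("block", "access-control", None)
    return ("allow", "access-control", True)


def lab_matrix(acp_action):
    """Verdicts for the three probes used in the lab (ping, Telnet, SSH)."""
    probes = {
        "ping": Packet(ICMP),
        "telnet": Packet(TCP, 23),
        "ssh": Packet(TCP, 22),
    }
    return {name: evaluate(p, LAB_PREFILTER, acp_action) for name, p in probes.items()}


if __name__ == "__main__":
    for acp in ("allow", "block"):
        print(f"access control action = {acp}")
        for name, result in lab_matrix(acp).items():
            print(f"  {name:7s} -> {result}")
```

Switching `acp_action` from `"allow"` to `"block"` changes only the SSH row, which is the result the final test in the lecture demonstrates.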

46. Lecture-46: Introduction and Concept of SSL Decryption Policy FTD.

Our next policy is the SSL decryption policy. Okay, what is the SSL decryption policy? First you need to know SSL. You know, in CCNP we discussed it, and in the other two firewalls we also discussed the same thing, SSL. It’s very important for firewalls. The slide I took is from CCNP, and in Palo Alto and also in FortiGate we studied this one. SSL means Secure Sockets Layer. And there is another concept, TLS, Transport Layer Security. Both are used for security purposes between web server and web browser. So whenever we access any website which is HTTPS, suppose I’m going to, let me capture and show you. So if I start Wireshark, there is a detailed video about this one, I just want to show you. So I’m connected through Ethernet. And if I go to, suppose, facebook.com. So this is HTTPS, there is a small icon.

So this connection is secure. And this is the certificate for facebook.com; DigiCert is what they are using. This is the validity and this is the certificate path. And these are the details if you go there. So everything is mentioned in this certificate, DigiCert and all that stuff is mentioned. Okay? And if I come here and type SSL, so there is a yellows. They say that if I go there, they say SSL is deprecated. They say SSL is deprecated in favor of TLS. So it means SSL and TLS are the same thing. Even when I type SSL it is showing me TLS. So SSL is not there anymore. It’s been replaced by TLS. Okay, so let me stop this. I don’t need it. Okay, so these two protocols are used for the same purpose. But there is a minor difference between SSL and TLS. Both work almost similarly. SSL was developed by Netscape in 1994. And TLS was developed by the IETF, the Internet Engineering Task Force. So in the early days we were using SSL, but later on there were some bugs and it was compromised. So it’s been replaced with Transport Layer Security, TLS. So now everywhere, I’m not going into more detail. We discussed this in CCNP and other courses. So what happened? Then we adopted TLS. So SSL is version one, two and three. TLS is 1.0, 1.1 and 1.2, I believe. Here is 1.2, it is showing us. Why are we studying SSL and TLS? Because of this SSL and TLS, whenever you open any HTTPS website, it is encrypted. Now this Facebook traffic is encrypted from my browser. Till what? Till facebook.com.

So it’s encrypted, so nobody in the middle can see my traffic. And when I open a browser, it will send an SSL connection request. Then Facebook responds to me with their certificate details, and in every browser there are a lot of certificates. They will check their details. If we go to, where is Settings, and if I go to Privacy here, and there is certificates, it’s better to search it things to end security. And there should be certificates. So it’s better to search for certificate. Here it is. If I go to certificates, here is my certificate and the trusted root certificates. Look, a lot of certificates. So which one are they using? So Facebook is using, I need to close this one. Okay. And here they are using DigiCert. So DigiCert have a private certificate in every detail here. If I search here, it should be in trusted, DigiCert. Yeah, here it is. So every browser by default has all the certificates. So what they will do is check the details. Then the client verifies the certificate. Then they will exchange the encrypted session key and the client will also end. After that, encrypted traffic will start. That’s why, if we go there, the first hello is sent by the user, the client. So whenever I open up my browser, from 100 707 is my PC. And so what they will do is send a client hello. Server will reply with client hello. Client hello and Transport Layer Security means TLS. So what they send, they send a client hello, and in this client hello they send these details.

Okay, which method to use, which ones they can support. And so many encryption methods, the cipher suites, like which encryption method to use, and a lot of other things. Keep in mind it’s very important. Study my video in detail; in every interview they are asking you, because of firewalls and next-generation IPS/IDS. A firewall is nothing without SSL decryption. It can do nothing for you. Useless. Because nobody is using HTTP, where the firewall would help us. Every traffic is SSL based, TLS based, HTTPS based, SSH based. So these firewalls are nothing without an SSL decryption policy. And definitely, how SSL works behind the scenes, you need to know this. So the client will send: I can support these encryption methods. We discussed this in detail in other courses and we will discuss it here in the VPN section as well. So the server will reply: okay, I support this one, and let’s start to use this cipher suite. They choose this one, SHA, that okay, it’s good for me, let’s use this one. And they handshake and all these things. And after this client hello, there are three or four more things which are not here, it’s not captured. And then the data starts being encrypted. But before these two there are other things as well, which I mentioned here. The first one is the client hello.

So the client browser sends this: server, this is what I can support. And these are what I can support. The server says okay, let me pick this one, I can support this one, okay. And they start encrypting. Then the server exchanges the key. They exchange their certificate, their key, their details, and the client browser will check. Because this is there by default, here I showed you many of them. The public key and signature are there by default in every browser. Why is this one showing me this error? Because this certificate is not installed in this browser, because I’m using a local one. But this one is not showing this, because this certificate is already from DigiCert. So DigiCert knows that this certificate was given to Facebook, so they will say okay, and there will be no error. Okay, so here I was. Okay, so they will exchange and they will verify all these things, and the client hello is done. Then client key exchange. They will exchange a key, a hidden key, and then they will accept, and after that encrypted traffic will start. And that’s why you can see this is encrypted traffic. And it’s like a VPN between server and client. And that’s why we are using the internet, going to our banking website, doing our transactions and everything, because we know this is secure, and everything is sent and received. Nobody can see it besides the server and client. So let me close this one. So this is the story of SSL and TLS. Why am I telling you this story? Because if you are not using an SSL decryption policy, FTD, any firewall, can do nothing. The traffic will pass through the firewall because this is SSL, and the firewall will say: I cannot open this packet, it can only be opened by Facebook and the browser who is sending, and I’m not the browser, the client, and neither am I Facebook, to open this one. I gave you the example of Facebook. It can be any server.

So what will happen? It means you can download malware, you can download malicious software, you can go to any illegal website, you can do anything. So the users who are inside in the LAN can do anything, because they are using TLS and SSL connections. So what we need is a man in the middle, to inspect this SSL and TLS traffic. So what we will do is give authority to our firewall. Rather than using a Facebook certificate, we will say that every user, when they’re going out, has to use the firewall certificate. Everyone has to connect, suppose they are going to Facebook, so they will go to the firewall. The firewall will forward the traffic to Facebook, and when the traffic comes back from Facebook they will give it to that user. So it’s like a man in the middle. So the certificate which will be used will be neither the Facebook one nor the client one. It will be a local certificate from the firewall. So if you have the authority of the certificate, then you can open the file, then you can open the transaction and everything, and this way we will check whatever a user is sending. So if this user goes directly, without this FTD, and they are using SSL without an SSL decryption policy there, then this firewall can do nothing. SSL traffic will pass and it will return, and they will download malicious software, and FTD will do nothing. That’s why we need SSL decryption, to decrypt the SSL packet, to inspect it, and then send it. So in this way the encrypted traffic will be decrypted by the firewall. But you need to apply an SSL decryption policy. They will inspect the connection and then they will send it back to the user. This is called SSL forward proxy, because there is reverse proxy as well. There is half proxy as well. There is full proxy as well. Those concepts are different, which we discuss in F5 LTM. Forward proxy means only the users inside, when they are sending traffic to outside.
So in this way, if you apply an SSL decryption policy on the firewall, you can prevent malware from being downloaded. You can prevent the client from going to an illegal website, either malicious, either malware, either any other thing, without your permission.

And whatever you have blocked, it will be blocked. You know, when we were blocking Facebook, sometimes it was going through, so I told you that was because of SSL, and I was always typing HTTP to show you the banner, you remember, in the banner class. So that’s why. So this firewall will reside between the internal client and the outside server. So whenever an internal user is going outside, it will use the firewall certificate, and the firewall will connect to Facebook and the outside server, and the outside server will give everything to the firewall. The firewall will check; if it is okay, then they will give it to the client. And this way there is visibility, there is control, there is security, and you can block whatever you want. But without SSL decryption you cannot block much SSL based, TLS based and HTTPS based traffic. So this firewall is like a man in the middle. Okay, so now we know. So we will need to generate a self-signed certificate in the firewall, in FTD. So it means the authority will be with FTD now. So when the client is sending a packet, there will be firewall SSL inspection, they will inspect. So the client hello, which was sent directly to Facebook before, and which we captured, will be sent to the firewall. The firewall will send a client hello to the server. Facebook will send a hello and all the details to the FTD firewall, the firewall will check everything and then they will give it to the client. So it’s like a man in the middle. But if you are not using SSL forward proxy and you are not using SSL inspection, what will happen? The client will send the hello directly to Facebook, and then there will be a tunnel between these two. And in the middle they will just be watching what’s going on. They will see nothing in the traffic and they will allow it. They will say no, I cannot see anything. It’s like SSL traffic going and coming and I don’t know what’s going on. So that’s why we need it. So now, this is the story of SSL decryption.
Now there are some methods when we use this policy. One of them is Decrypt - Resign. This is what we need, the Decrypt - Resign method. Because when we create an SSL policy, here if we go to Policies, there is SSL policy, okay? By default, there is no SSL policy. You can create a new SSL policy. Suppose I say SSL policy, you can give a description, and the default action is Do not decrypt. You can block and you can block with reset, and I say save. Let me edit this policy now. So this policy is here.

Now I need to create a rule, just like any access policy. Add a rule. These are the actions: Decrypt - Resign, Decrypt - Known Key, Do not decrypt, Block, Block with reset and Monitor. These are the actions which you can take in an SSL policy. And these are what we are discussing. The first one is Decrypt - Resign. That’s what we need most of the time, when a user from the LAN is going to a public website. So our firewall will be the man in the middle. The handshake will be between the firewall and the LAN user, then from the firewall to the web server, and the firewall will decrypt the packet. It will check if everything is okay. If it is not allowed, they will block it. If it is allowed, they will send the details. That’s why it’s called Decrypt - Resign: decrypt the SSL packet, and then resign and send it to the web server. Done. This is one method which we will use. But it requires a client browser certificate in every client, sorry. And in your LAN you need to install the firewall certificate. Because by default every website CA is already there. I already showed you. There are many by default. But the firewall one will not be there by default. You need to export it and you need to install it. Then this method will work, Decrypt - Resign. Okay? So the packet came here. The firewall decrypts it, then resigns it and sends it to Facebook. Facebook sends to the firewall. The firewall decrypts it again and checks everything is okay: no malware, no file, no nothing. Then it will give it to the client. This is called Decrypt - Resign. Next, here is Decrypt - Known Key. This is another action. The Known Key method is the reverse. Maybe you have a web server inside, in your DMZ. So the people will access it from outside. The server is not going outside, but the outside users will come to access your server. So in that case, you need to know the Known Key method. You need to protect the server from external attack. So this is the reverse method of the first one, the Known Key method. Then Do not decrypt.
Simple as that. I don’t want to decrypt some of the website traffic. I don’t want to check things like medical, like medicine, like financial, like maybe some sensitive data which you are not allowed to decrypt and check by law, in the UK and other countries. One of them is your medical record.

Nobody can see your end. Decrypt them too. It’s not allowed by default. And some other things, like a banking website when you are visiting. Because these are legitimate and good websites, there is no need to decrypt them. So you can do that. So it will stay encrypted and it will be sent directly, and the firewall will not check it. So that is another method, which is here, Do not decrypt. Then there is Block and Block with reset. Simple: they block this traffic, whatever you mentioned. It’s like when we are using a simple block, okay? So it will block it. So these actions are here, I’ll show you. And Block with reset means it will send a TCP reset as well to the user, that your connection is reset. So this is called the SSL policy. We use this policy to control how we deal with encrypted traffic. Okay? And the last thing: we need to integrate this SSL policy into the access control policy. Because all policies get together with the access control policy, keep in mind. So here, this is the access control policy. You need to integrate all these policies. You can see intrusion, malware, file, DNS, identity, SSL. Yesterday we integrated the prefilter into the access control policy. Today we are going to integrate this SSL also into the access control policy. This is required. We need to check this as the last thing. So this is the way the things are working. If you don’t want to decrypt, it’s also possible to create a rule for some websites. You can also decrypt, and maybe you don’t want to decrypt, and maybe you want to block some websites straight away. So all these are possible solutions in the SSL decryption policy. In our case we will create just one policy to decrypt all the traffic. But in the real world, financial websites, medical websites, the right categories have to be excluded. It’s very easy to do. Then in the real world you will face one more issue. Some websites, when you decrypt them, do not work. Some websites, maybe it’s not financial, maybe it’s not medical, maybe it’s not banking.
So when you face such an issue in the real world, you also need to put that website in the do not decrypt list. That’s the only thing you need to remember in the real world. And as for interview questions, normally they are asking: suppose we have an SSL connection from a user to a server. Do you think the firewall will block this one or not? They will ask you that kind of question. You will say no, unless you have an SSL decryption policy on the firewall. Otherwise the firewall is just good for nothing. Okay, done.
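The Client Hello described above travels before any encryption starts, so a firewall that does not decrypt can still read what it carries. As an added example (not code from the lecture or from Cisco), the parser below extracts the offered cipher suites and the requested server name from a Client Hello record; the sample record is constructed in the script rather than captured, and the function names and the short cipher-suite table are assumptions for illustration.

```python
import struct

# A few IANA cipher-suite code points, enough for the sample record below.
CIPHER_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}


def build_client_hello(server_name, suites):
    """Construct a minimal Client Hello record (sample input, not a capture)."""
    host = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host   # name_type 0 = host_name
    sni_data = struct.pack("!H", len(sni_entry)) + sni_entry
    extensions = struct.pack("!HH", 0x0000, len(sni_data)) + sni_data
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body = (
        b"\x03\x03"                                   # legacy_version (TLS 1.2)
        + bytes(32)                                   # random, zeroed for the sample
        + b"\x00"                                     # empty session id
        + struct.pack("!H", len(suite_bytes)) + suite_bytes
        + b"\x01\x00"                                 # one compression method: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


class Reader:
    """Bounds-checked cursor over a byte string."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated Client Hello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, n):
        return int.from_bytes(self.take(n), "big")

    def vector(self, length_bytes):
        return self.take(self.uint(length_bytes))

    def remaining(self):
        return len(self.data) - self.pos


def parse_client_hello(record):
    """Return the fields a passive observer can read from a Client Hello."""
    rec = Reader(record)
    if rec.uint(1) != 0x16:
        raise ValueError("not a TLS handshake record")
    rec.take(2)                                   # record-layer version
    hs = Reader(rec.vector(2))
    if hs.uint(1) != 0x01:
        raise ValueError("not a Client Hello")
    body = Reader(hs.vector(3))
    legacy_version = body.uint(2)
    body.take(32)                                 # random
    body.vector(1)                                # session id
    raw = body.vector(2)
    if len(raw) % 2:
        raise ValueError("odd cipher suite vector length")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    body.vector(1)                                # compression methods
    server_name = None
    if body.remaining():
        exts = Reader(body.vector(2))
        while exts.remaining():
            ext_type = exts.uint(2)
            ext = Reader(exts.vector(2))
            if ext_type == 0:                     # server_name extension
                names = Reader(ext.vector(2))
                while names.remaining():
                    name_type = names.uint(1)
                    name = names.vector(2)
                    if name_type == 0:
                        server_name = name.decode("ascii")
    return {
        "legacy_version": legacy_version,
        "cipher_suites": [CIPHER_NAMES.get(s, f"0x{s:04x}") for s in suites],
        "server_name": server_name,
    }


if __name__ == "__main__":
    sample = build_client_hello("www.example.com", [0x1301, 0xC02F])
    print(parse_client_hello(sample))
```

Everything after the handshake is opaque to the same observer, which is the gap the decryption policy in this lecture is meant to close.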
