|
Home > Archive > Check Point > November 2001 > Question on ccsa ? FTP & ( LDAP ) & SECRUITY POL
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Question on ccsa ? FTP & ( LDAP ) & SECRUITY POL
|
|
| zarcoff 2001-10-31, 8:58 am |
| Could any one please answer the following.
1) what is FTP PASV ? is it ftp with authentication ?
2) Full exeplenation of LDAP ?
3) For CCSA do i need to know all secruity policy editor properties, or just the secruity policy tab ?
thanks all | |
| Kickboxr 2001-11-01, 9:03 am |
| LDAP...
Lightweight Directory Access Protocol.
This is a protocol designed to communicate over x.500 and provide access to resources (file, etc) without incurring the typical resource requirements. Designed to compliment DAP.
Typically used forsimple management applications, and browser applications.
For example Windows 2000 is built on LDAP. LDAP provides the communication linkage for the Active Directory structure. LDAP since communicating on the x.500 structure, it is dependant on DNS for naming conventions like srv1.mountain.com
NOW as far as FTP PASV....
It deals with the mode of the FTP client through NAT. Typically, ((ACTIVE MODE)) the FTP client and the FTP server communicate and will say, ok, Im going to send you the file now on port xxx... When it hits the NAT gateway, it is coming in on a port that is not expected, so it is dropped. causing problems GETing files from the server. This is when the client is in Active mode (the default setting for FTP.)
THE PASV means passive mode...In PASV (passive) mode, port 21 is always initiated by the client for control and port 20 is always initiated by the client to receive data. This makes it NATable. Most FTP clients are set to Active mode by default and must be told to switch to PASV mode.
I hope this helped you, good luck! | |
| zarcoff 2001-11-01, 9:46 am |
| Thanks kickboxer | |
| Kickboxr 2001-11-01, 9:49 am |
| No problem  | |
| zarcoff 2001-11-06, 4:22 am |
| Could you tell what i should really know for the ccsa exam, i have the course ware book, but i feel the matriel isnot going to do it .
plus are the question in the course ware book like the exam casue there to easy.
thanks | |
| Kickboxr 2001-11-06, 7:49 am |
| To be honest with you, you need alot more than the courseware book!!! I found that courseware to be very basic!
Make sure you do lots of labs... Set it up at your house. pay attention to how it works..
set it up step by step, and pay attention to what you can and cant do.
Like, set up FTP rule, and see if you can communicate to an FTP server on the internet... See how ICMP messages work across the firewall... (PING TRACERT)
go to checkpoints website, and read ALOT of their white papers on the product. Like NAT, and authentication, etc...
Read the manuals on the eval CD.
Get the administrators guide, and read that...
DO all of that, and you will do well on the test. And you will be well on your way for CCSE as well! | |
| Kickboxr 2001-11-06, 7:50 am |
| Oh, and know your GUIs... | |
| zarcoff 2001-11-06, 8:11 am |
| firstly thanks again great help.
I was told for the ccsa to know the GUIs, more than any thing, i gather from your responce this information was not complete.
thanks again | |
| Kickboxr 2001-11-06, 8:32 am |
| No, not alot on the guis.....
You will be given a couple of rules, and you will be asked what will happen, or maybe given several to choose from, and be asked which will do this...etc...
But you will have to know some commands, (The ones not in the courseware)
know the ports that is used for communication. Like between the modules etc...
Know your default settings, etc...
I do have a study guide, it contains the port numbers, default settings, command references, how tos, authentication breakdowns, NAT breakdown and how to, etc...
its about 21 pages right now. If you have any notes from the class, or information youve worked out, you can send me what you have, and ill send you my complete study guide free of charge...
If you dont have anything like that, you can get the guide from me for 10.00. I have been selling them on Ebay, and people so far seem to like it!
I will also be doing one for the CCSE.
But I will also answer any questions you have anytime.
Good Luck!
Oh, and the test questions are worded badly!!! like for example, theres a scenario question that askes if the required objective is met or the desired objectives were met etc... But none of those are identified... (Wonderful!!) | |
| zarcoff 2001-11-07, 5:12 am |
| You,ve been a great help, thanks KICKBOXER.
P.S. I WILL BE PAYING EBAY A VIST |
|
|
|
|