ccsa exam use boxxx 1,2,3 test?
| kencheng888 2001-11-20, 9:28 am |
| Hi all,
I got all the CCSA exam boxxx 1, 2, 3 tests.
Which one is best for the real CCSA exam?
Can any people who passed the CCSA exam give their great advice?
I also got the exam-axxxxx 150 Q&A. Is exam-axxxxx enough to pass the CCSA exam?
If I study the boxxx 1, 2, 3 tests, is it a waste of my time?
Thank you for any advice!!!
send to me kencheng555@yahoo.com
Ken Cheng | |
| Kickboxr 2001-11-20, 1:41 pm |
| Ken, I feel bad the way that guy stiffed you on your notes!!!
Which version are you studying for?
I don't think any of the sample tests are any good.
The CCSA test is poorly written, and your best bet is the courseware, with my study guide, and some hands on... Forget the practice tests!!!!
I will give you my study guide since you were stiffed on your last deal by that other guy. I usually sell them, but as I have been helped, I will help you as well....
Also feel free to ask me any questions. | |
| zarcoff 2001-11-21, 5:32 am |
| KICKBOXR
Could you fully explain NAT and its modes?
And why use the local.arp directory on NT?
Please explain NAT, it's confusing me. Thanks.
thanks | |
| Kickboxr 2001-11-21, 1:35 pm |
| I'll try to simplify it real quick...
NAT
Network Address Translation,
think of it as a way to handle the private addresses that a company or yourself may use on your internal network, and allow access to the internet.
With NAT, you can use those private addresses like 192.168.x.x etc, placed behind a NAT system, and the NAT will translate the IP addresses to usable addresses before sending them out on the internet. In order to keep track of the who from where issues, the NAT system will use different port numbers so the email that one person is trying to get doesn't get mixed up with the Morpheus that another is downloading.
It's really a simple concept, TCP does the same thing, but for its own system, the idea of NAT is to use the same basic structure, but to break down the ports even more to unassigned, or non-"well known" ports...
Now what are our options with Checkpoint?
Remember CheckPoint is not the only NAT service out there......
With CheckPoint, we have to look at how we want to be represented on the internet or public networks...
If we have a pool of public addresses, we can use that pool to represent a certain range of private addresses. This idea is good for those who will do teleconferencing or other apps that require to know exact IP addresses of origination. This allows you to do so, without exposing the actual IP address of the private network. (Security)
Another option is to let the IP address of the public interface of the NAT machine represent everyone in the private network. (most common). This is for the average user, the majority of your company....
What about our webservers, etc...
Well, those must be represented by static IP addresses, so we can still put them behind the firewall, using NAT, and do a static mapping of a defined public IP address to the web server's private IP address...
NAT will translate the public and the private for both directions....
As far as the Static destination.... Static Source....
It's simple too, think of which way the traffic is going....
Web server.... Static destination or source???
Joe the user??? Static destination or static source???
Actually it could be either...
See, the destination or source is when it is translated... In earlier versions of FW1, it was all done on the server side, meaning routing tables could get big since the packets had to be routed first, then translated... now we can do Static Destination... meaning the packet is translated prior to being routed....
Now the local.ARP
This can be done automatically, and not that you have to do it, we can do static NAT without this but that requires rebooting the machine.... (Main reason to use the local.arp file)
This creates a virtual interface without assigning the IP address you wish to assign to the internal host. So we look at the steps.
After we create the static map, we create the local.arp file
1. Create a file named 'local.arp' in the '$FWDIR\state' directory.
2. Open the file in a text editor and use the following syntax to enter one line into the file followed by [Enter]: <valid IP address of Network Address Translated Host> <MAC address of external interface of Firewall>
3. Save 'local.arp' (ensure it does not have .txt extension).
4. Use fwstop and fwstart to restart the firewall.
(this is quicker than re-booting the machine)
You can also have the local.arp file automatically created as well..
If we don't use the local.arp file.... we would have to go into the TCP/IP settings of our machine, add the IP address physically to the interface, and then reboot.... (you are thinking you don't have to reboot with 2000?? Well, technically yes, but do you want to troubleshoot NAT problems that would be fixed with a reboot of the machine?)
Hope that helped, let me know.... | |
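The hide NAT, static NAT and local.arp line format described in the post above, as an added Python sketch that is not part of the original thread. The class and function names, the addresses and the MAC value (including its notation) are constructed for illustration.

```python
import ipaddress

class NatGateway:
    """Toy model of the hide and static NAT behaviour described in the post."""

    def __init__(self, public_ip, first_port=10000):
        self.public_ip = public_ip
        self.next_port = first_port      # high, non-well-known ports
        self.hide = {}                   # public port -> (private ip, private port)
        self.hide_rev = {}               # (private ip, private port) -> public port
        self.static = {}                 # public ip -> private ip

    def add_static(self, public_ip, private_ip):
        if not ipaddress.ip_address(private_ip).is_private:
            raise ValueError(f"{private_ip} is not a private address")
        self.static[public_ip] = private_ip

    def outbound(self, src_ip, src_port):
        """Translate the source of a packet leaving the private network."""
        for pub, priv in self.static.items():
            if priv == src_ip:           # static source: one-to-one, port kept
                return pub, src_port
        key = (src_ip, src_port)
        if key not in self.hide_rev:     # hide NAT: allocate a new public port
            self.hide_rev[key] = self.next_port
            self.hide[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.hide_rev[key]

    def inbound(self, dst_ip, dst_port):
        """Translate the destination of a packet arriving from outside."""
        if dst_ip in self.static:        # static destination: always mapped
            return self.static[dst_ip], dst_port
        if dst_ip == self.public_ip:     # reply to a hidden host, or no entry
            return self.hide.get(dst_port)
        return None

def local_arp_lines(gw, fw_external_mac):
    """One '<translated IP> <firewall external MAC>' line per static mapping."""
    return [f"{pub} {fw_external_mac}" for pub in sorted(gw.static)]

# Constructed sample: documentation addresses, not values from the thread.
gw = NatGateway("203.0.113.1")
gw.add_static("203.0.113.10", "192.168.1.10")          # web server
mail = gw.outbound("192.168.1.20", 1025)               # user fetching email
p2p = gw.outbound("192.168.1.21", 1025)                # another user, same port
print(mail, p2p, gw.inbound(*mail), gw.inbound("203.0.113.1", 4444))
print(local_arp_lines(gw, "00-10-5A-00-00-01"))        # MAC notation is assumed
```

Two internal hosts using the same source port receive different public ports, and an inbound packet to the shared address with no matching entry is not translated at all.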
| zarcoff 2001-11-22, 5:15 am |
| Thanks, Kickboxr.
NAT is much clearer now.
Question: in the rule base, where should you put an authentication rule? Should it be before the stealth rule, or, as Check Point says, should the stealth rule be the first rule in the rule base, in which case it should go after the stealth rule?
thank you  | |
| Kickboxr 2001-11-26, 2:04 pm |
| In most cases, it should go before the stealth rule...
Remember, the rules are checked in order. Once the packet achieves one of the rules, the packet is either passed or dropped based upon that rule. Therefore, in most cases, if the stealth rule is before the authentication, then there would never be any authentication since the stealth rule would drop the packet. | |
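The first-match ordering discussed in the reply above, as an added Python sketch that is not part of the original thread. It assumes the authentication rule matches connections addressed to the firewall itself; the rule names, object names and the service label are hypothetical.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    name: str
    src: str
    dst: str
    service: str
    action: str        # "accept", "drop" or "auth"

def covers(a, b):
    """True if rule field a matches everything field b matches."""
    return a == ANY or a == b

def first_match(rules, src, dst, service):
    """Return the first rule matching the packet; later rules are never consulted."""
    for r in rules:
        if covers(r.src, src) and covers(r.dst, dst) and covers(r.service, service):
            return r
    return Rule("implicit cleanup", ANY, ANY, ANY, "drop")

def shadowed(rules):
    """List (hidden, hiding) pairs where an earlier rule covers all of a later one."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (covers(earlier.src, later.src) and covers(earlier.dst, later.dst)
                    and covers(earlier.service, later.service)):
                out.append((later.name, earlier.name))
                break
    return out

# Constructed rule base: names, objects and the service label are hypothetical.
stealth = Rule("stealth", ANY, "firewall", ANY, "drop")
auth = Rule("authentication", ANY, "firewall", "auth-service", "auth")
web = Rule("web", ANY, "webserver", "http", "accept")

stealth_first = [stealth, auth, web]
auth_first = [auth, stealth, web]
for label, rb in (("stealth first", stealth_first), ("auth first", auth_first)):
    hit = first_match(rb, "10.1.1.5", "firewall", "auth-service")
    print(label, "->", hit.name, hit.action, "| shadowed:", shadowed(rb))
```

Running `shadowed()` over an exported rule base is a quick review check for rules that can never fire because of their position.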
| zarcoff 2001-11-27, 5:53 am |
| Thank you, Kickboxr.
I got CCSA by Exam Cram. What are your thoughts? It seems to me that the questions are too easy.
I will also be getting the CCSA study book next week. Any thoughts?
You've been a great help its all becoming clear.
thanks
ZARCOFF | |
| Kickboxr 2001-11-27, 3:33 pm |
| I am not sure about the Exam Cram... Have not looked at it... But I have heard whispers it was pretty good... My experience with Exam Cram is it is full of errors... So if you can spot the errors, then I guess you would be ready for the exam... LOL....
There is a new CCSA book coming out. I am hoping it will be full of good information. I have mine ordered, even though I don't need it, I would still like to read it. I'll let you know when I get it if it's good... It usually takes me a day or two to read those books. | |
| zarcoff 2001-11-28, 10:43 am |
| THANK YOU KICKBOXR
Please let me know what you think of the CCSA study book as I have one on order.
thanks
zarcoff |