Don't Make The Mistake I Made With CCSA NGX

[ratanjai]

Hi Pulkit...
i m going to appear in the CCSA soon..did u get some dump or study material?
if you have kindly share it with me please

Thanks.

[cqliuke]

B. Host-based port scan is enabled, because SmartDefense settings are global.

[msjouw]

Another one that is a bit crappy:
QUESTION 85
How can you reset Secure Internal Communications (SIC) between a SmartCenter
and Security Gateway?
A. Run the command fwm sic_reset to reinitialize the Internal Certificate Authority
(ICA) of the SmartCenter Server. Then retype the activation key on the Security Gateway
from SmartDashboard.
B. From cpconfig on the SmartCenter Server, choose the Secure Internal Communication
option and retype the activation key. Next, retype the same key in the gateway object in
SmartDashboard and reinitialize Secure Internal Communications (SIC).
C. From the SmartCenter Server's command line type fw putkey -p <shared key> <IP
Address of SmartCenter Server>.
D. From the SmartCenter Server's command line type fw putkey -p <shared key> <IP
Address of Security Gateway>.
E. Reinstall the Security Gateway.

Answer: B
Which would be correct if it would read "From cpconfig on the Security Gateway"
Explanation:
And this:
Note: The B option (Secure Internal Communication) is available in NG R55. We don't have something like this in NGX R60 or NGX R61.

I thought only in a non distributed setup this would NOT be there.

Regards, Maarten

[maxfactor]

Quote:

Originally Posted by david

this is just my understanding, may be wrong ;-)

if you clear/untick "Translate destination on client side" the nat will be performed on the internal interface of your firewall, rather than the external interface.

if this is the case the packet will not get to the firewalls internal interface as the routing on the firewall would send packets bound for public IP to the external interface. so you need to add a static to point the nat rules public ip to the internal interface of the firewall so that the nat can be performed.

Please, I agree... but can you give me a practical example with real ip addresses ?? PLease... I miss something to understand well...