  1. Senior Member
    Join Date
    Apr 2008
    Location
    Seattle, WA
    Posts
    142

    Certifications
    MCSE 2003: Security, CCNA, CCNP
    #1

    CBT Nuggets 70-293 error!

    Hey,

    So I am watching a CBT Nuggets video for the 70-293 titled "RRAS Authentication + Policies". Towards the end of the video, the instructor creates an inbound filter for a Remote Access Policy to block HTTPS traffic. He creates one filter. In this filter, he configures the source port to be 443 and the destination port to be 443.

    My question is: didn't he configure this filter incorrectly? HTTPS traffic is either source port 443 or destination port 443. The source and destination ports for TCP traffic are rarely the same. Shouldn't he have created 2 filters, the first filter with source port 443, and the second filter with destination port 443? The source and destination ports have to match the filter for it to take action, right?

    In addition to this first error, he states that creating an inbound filter to allow port 21 for a public interface under the NAT/Basic firewall section in RRAS is the same thing as checking FTP Server under the Services and Ports tab. He says, "it's just an easier way in case you don't know what port FTP runs on."

    I thought that an inbound filter is like a firewall access rule, and the Services and Ports tab lists NAT policy translations. Allowing the port in, versus translating layer 3 and layer 4 headers is different, right?

    Anyways, c'mon network dudes out there. Back me up on these 2 networking errors that the instructor made.

    Thanks
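The matching logic the first question turns on, as an added example that is not part of the original post or the video. It assumes the conventional packet-filter model in which every field set in one filter must match (AND) and a filter list matches when any one entry does (OR); the `Packet` and `PortFilter` classes, the function names and the sample packets are constructed for illustration and are not RRAS APIs.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class PortFilter:
    """One filter entry; a field left as None is a wildcard (assumed model)."""
    proto: str = "tcp"
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        # Every field that is set must match: the fields are ANDed.
        return (pkt.proto == self.proto
                and self.src_port in (None, pkt.src_port)
                and self.dst_port in (None, pkt.dst_port))

def any_filter_matches(filters, pkt):
    # A filter list matches when any single entry matches: entries are ORed.
    return any(f.matches(pkt) for f in filters)

def matched_packets(filters, packets):
    return [p for p in packets if any_filter_matches(filters, p)]

# Constructed sample traffic: an HTTPS client on an ephemeral port (50123).
TO_SERVER = Packet("tcp", 50123, 443)    # client -> HTTPS server
FROM_SERVER = Packet("tcp", 443, 50123)  # HTTPS server -> client
BOTH_443 = Packet("tcp", 443, 443)       # unusual: both ends on 443
SSH = Packet("tcp", 50124, 22)           # unrelated traffic
SAMPLE = [TO_SERVER, FROM_SERVER, BOTH_443, SSH]

# The single filter from the video: source 443 AND destination 443.
ONE_FILTER = [PortFilter(src_port=443, dst_port=443)]
# The two-filter alternative proposed in the post.
TWO_FILTERS = [PortFilter(src_port=443), PortFilter(dst_port=443)]

if __name__ == "__main__":
    for name, flt in (("one filter", ONE_FILTER), ("two filters", TWO_FILTERS)):
        print(name, "->", matched_packets(flt, SAMPLE))
```

Under that assumed model, the single entry matches only the packet with 443 on both ends, while the two-entry list matches HTTPS in either direction and leaves the unrelated packet alone.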

  2. Mishra (MIPS processor please)
    Join Date
    Feb 2007
    Location
    Ashburn, VA
    Posts
    2,468

    Certifications
    MCSA:2012, MCITP:EA/SA, MCSE 2003, MCTS: Vista, VCP4, AAS
    #2

    Re: CBT Nuggets 70-293 error!

    Quote Originally Posted by _maurice

    In addition to this first error, he states that creating an inbound filter to allow port 21 for a public interface under the NAT/Basic firewall section in RRAS is the same thing as checking FTP Server under the Services and Ports tab. He says, "it's just an easier way in case you don't know what port FTP runs on."

    I thought that an inbound filter is like a firewall access rule, and the Services and Ports tab lists NAT policy translations. Allowing the port in, versus translating layer 3 and layer 4 headers is different, right?

    Anyways, c'mon network dudes out there. Back me up on these 2 networking errors that the instructor made.

    Thanks

    I still think he is trying to say that if you add a rule and allow it, then you can just check in your RRAS configuration which ports you have ready to go or not. It also allows you to flip services on and off as you like.

    Yes, the inbound filters act like an access rule, but if you just allow the port to come through then nothing really changes. So I'm confused on what you are wondering.
