Thursday, July 1, 2010

Common questions from firewall admin to user

  1.  What is/are the firewall/s name/ip address/es
  2.  What is/are the source/s and destination ip address/es
  3. What application/s and protocol/s are they using to access the server/s
  4. Can they access any other server using the same application and protocol
  5. Traceroute result from the source to the destination address
  6. Has this worked before? (if it worked, the possibilities of some changes has been done to the firewall or network devices or server) 
  7. When did it stop working? / When was the last time that worked?
  8. How many users affected?
  9. Has the client or host made any changes or upgrades or patches recently
  10. What version of VPN software is the client using.
  11. What is the incident number (if you are using the ticketing system so we can keep track what happened.)
  12. Reboot!
Also I always start a remote desktop session using logmein.com or some other software. Speeds up the entire process when you can see the clients desktop.

Reference:
https://supportforums.cisco.com/thread/2027995
http://www.governmentsecurity.org/forum/index.php?showtopic=31184&st=0&p=199417&hl=firewall&fromsearch=1&#entry199417
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Related post:

Related Posts with Thumbnails