Interview Questions (NETWORKING) - 1

The document provides a comprehensive list of interview questions and answers related to networking, specifically focusing on CCNA and CCNP levels. It covers various topics such as the OSI model, IP addressing, subnetting, VLANs, routing protocols, firewalls, and network security concepts. Each question is accompanied by detailed explanations and examples to aid understanding.

Uploaded by

Waleed Malik
Interview Questions

(NETWORKING)

🔹 CCNA Interview Questions (Beginner Level) — Step-by-step answers.

🔹 CCNA Interview Questions – Step-by-Step Answers


1. Name the 7 layers of the OSI Model and explain their functions.

| Layer No. | Layer Name | Function |
|---|---|---|
| 7 | Application | User interface (e.g., browsers, email apps). |
| 6 | Presentation | Data format, encryption, compression. |
| 5 | Session | Establishes, maintains, and ends communication sessions. |
| 4 | Transport | Reliable delivery using TCP/UDP, ensures error recovery. |
| 3 | Network | IP addressing and routing (e.g., routers work here). |
| 2 | Data Link | MAC addressing, switches operate here, error detection. |
| 1 | Physical | Physical transmission (cables, signals, bits). |

2. What is the difference between an IP address and a MAC address?


| IP Address | MAC Address |
|---|---|
| Logical address (assigned by DHCP) | Physical address (burned into NIC) |
| Used to identify a device on a network | Used to identify a device on a LAN |
| Changes based on network | Fixed, globally unique |
| Layer 3 (Network layer) | Layer 2 (Data Link layer) |

3. What is subnetting and why is it used?

Answer:
Subnetting means dividing a larger IP network into smaller networks (subnets).
Why?
• Efficient use of IP addresses
• Better network management
• Reduced broadcast traffic
• Improved security

Example:
Class C: 192.168.1.0/24 → Two subnets: 192.168.1.0/25 and 192.168.1.128/25

4. What is a VLAN (Virtual LAN)?

Answer:
A VLAN is a logical group of devices within a LAN that can communicate as if they were on the same physical network — even if they are not.

• Reduces broadcast traffic
• Improves security
• Enables better network management

Example:
HR department in VLAN 10, IT in VLAN 20, even if they are on the same switch.

5. What is the role of DHCP and DNS in a network?


| Protocol | Role |
|---|---|
| DHCP | Automatically assigns IP addresses to devices. |
| DNS | Converts domain names (e.g., google.com) to IP addresses. |

6. What is the difference between TCP and UDP with real-world examples?

| TCP (Transmission Control Protocol) | UDP (User Datagram Protocol) |
|---|---|
| Reliable, connection-oriented | Unreliable, connectionless |
| Slower but ensures delivery | Faster, but no guarantee of delivery |
| Uses 3-way handshake | No handshake |
| Example: Web (HTTP), Email (SMTP) | Example: Video streaming, DNS, VoIP |

7. What is the difference between a switch and a router?

| Switch | Router |
|---|---|
| Connects devices in a LAN | Connects multiple networks (e.g., LAN to WAN) |
| Works at Layer 2 | Works at Layer 3 |
| Uses MAC address | Uses IP address |
| No routing | Performs routing |

8. What is an Access Control List (ACL) and how does it work?

Answer:
An ACL is a set of rules that controls traffic into or out of a device (like a router or firewall).

• Can allow or deny traffic based on IP, port, protocol.
• Applied to interfaces (inbound or outbound).

Example Rule:
Deny all traffic from 192.168.1.10 to 192.168.2.0/24

9. What are the types of NAT (Static, Dynamic, PAT)?


| Type | Description |
|---|---|
| Static NAT | One-to-one mapping between private and public IPs |
| Dynamic NAT | Private IP mapped to any available public IP from a pool |
| PAT (Overload) | Many private IPs mapped to one public IP using different ports |

10. What is the basic difference between RIP and OSPF routing protocols?

| RIP | OSPF |
|---|---|
| Distance vector protocol | Link-state protocol |
| Uses hop count | Uses cost based on bandwidth |
| Max 15 hops | No hop limit |
| Slower convergence | Faster convergence |
| Easy to configure | More complex but efficient |


🔻 Extra CCNA Questions with Answers:

11. What is a collision domain?

Answer:
A space where data packets can "collide" in a network.
Switches break collision domains; hubs do not.

12. What is a broadcast domain?

Answer:
A group of devices that receive broadcast frames.
Routers break broadcast domains; switches don’t (unless VLANs are used).

13. How does ARP (Address Resolution Protocol) work?

Answer:
ARP maps an IP address to a MAC address in a local network.
Uses broadcasts to ask: "Who has 192.168.1.1?"

14. What is the purpose of the default gateway?

Answer:
It's the router that sends traffic to outside networks when the destination is not in the local subnet.

15. What are the benefits of using VLANs?

• Isolates traffic
• Reduces broadcasts
• Adds security
• Logical grouping of users

16. What are trunk ports?

Answer:
Trunk ports carry traffic from multiple VLANs between switches using tagging (802.1Q).

17. What is inter-VLAN routing?

Answer:
It allows communication between VLANs using a router or Layer 3 switch.

18. What is Port Security and how is it implemented?

Answer:
Port security limits which MAC addresses can send traffic through a switch port.
Used to prevent unauthorized access.

19. What is CDP and LLDP?


| CDP | LLDP |
|---|---|
| Cisco proprietary | Vendor-neutral |
| Used for neighbor discovery | Used for network device info sharing |

20. What is the difference between static and dynamic IP addressing?


| Static IP | Dynamic IP |
|---|---|
| Manually assigned | Assigned by DHCP automatically |
| Used for servers, printers | Used for client devices |

✅ CCNP Interview Questions with Answers (Advanced Level)

1. Explain how OSPF works and describe its states.

Answer:
OSPF (Open Shortest Path First) is a link-state routing protocol that uses cost (based on bandwidth) to find the best path.

🔹 OSPF States (Step-by-Step):

1. Down – No Hello received
2. Init – Hello sent, waiting for response
3. 2-Way – Both routers see each other (bidirectional communication established)
4. ExStart – Master/slave decide who sends database first
5. Exchange – LSDB (Link State Database) starts exchanging
6. Loading – LSRs sent to request unknown LSAs
7. Full – Full neighbor relationship established (ready to route)

2. What is BGP and where is it used?

Answer:
BGP (Border Gateway Protocol) is a path-vector protocol used to route between different autonomous systems (AS) — typically used on the internet.

🔹 Key Features:

• Exterior Gateway Protocol (EGP)
• Uses AS-Path, Local Preference, MED
• Port 179
• Used by ISPs, large enterprises

3. What is route summarization and why is it useful?

Answer:
Route summarization means combining multiple routes into one to reduce routing table size.

🔹 Why use it?

• Faster convergence
• Lower CPU/memory usage
• Cleaner routing tables

Example:
Instead of advertising:
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
You summarize as:
192.168.0.0/22
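
The summarization above, worked through as an added example (not part of the original document): Python's standard `ipaddress` module computes the single covering prefix for the three /24 routes and lists the address space that summary advertises beyond them. The function names are illustrative.

```python
import ipaddress

def exact_summary(prefixes):
    """Merge prefixes only where the result covers exactly the same addresses."""
    nets = (ipaddress.ip_network(p) for p in prefixes)
    return list(ipaddress.collapse_addresses(nets))

def covering_supernet(prefixes):
    """Smallest single prefix that contains every input prefix."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen the mask by one bit
    return candidate

def over_advertised(prefixes, summary):
    """Address space inside `summary` that none of the input prefixes cover."""
    remaining = [ipaddress.ip_network(summary)]
    for net in exact_summary(prefixes):
        kept = []
        for block in remaining:
            if net == block or block.subnet_of(net):
                continue  # block is fully covered by an input prefix
            if net.subnet_of(block):
                kept.extend(block.address_exclude(net))  # carve the input out
            else:
                kept.append(block)  # no overlap, keep as is
        remaining = kept
    return sorted(remaining)

if __name__ == "__main__":
    # The three routes from the example above.
    routes = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]
    summary = covering_supernet(routes)
    print("single summary :", summary)
    print("exact collapse :", exact_summary(routes))
    print("extra coverage :", over_advertised(routes, summary))
```

The /22 summary also covers 192.168.0.0/24, which is not one of the three listed networks, so traffic for that range would be attracted to the summarizing router; the exact collapse needs two prefixes instead of one.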

4. Compare HSRP, VRRP, and GLBP.


| Feature | HSRP (Cisco) | VRRP (Standard) | GLBP (Cisco) |
|---|---|---|---|
| Active Role | Active/Standby | Master/Backup | Load Balancer/Backup |
| Load Balancing | ❌ | ❌ | ✅ Yes |
| Vendor | Cisco only | Open standard | Cisco only |
| Virtual IP | Yes | Yes | Yes |

5. What is route redistribution?

Answer:
Redistribution allows a router to share routes between different protocols (like OSPF to EIGRP or RIP to OSPF).

🔹 Used when:

• Merging two networks using different protocols
• Migrating protocols

Command (example):
router ospf 1
redistribute eigrp 100 subnets

6. What is MPLS and how is it different from traditional routing?

Answer:
MPLS (Multiprotocol Label Switching) uses labels instead of IP routing to forward traffic.

| MPLS | Traditional Routing |
|---|---|
| Uses labels | Uses IP headers |
| Faster forwarding | Slower due to hop-by-hop decision |
| Layer 2.5 (between Layer 2 & 3) | Works at Layer 3 only |


🔹 Benefit: Traffic Engineering, VPN, QoS support

7. How would you detect and troubleshoot a routing loop?

Answer:

✅ Steps:

1. Use traceroute to check looping IPs
2. Check routing tables for incorrect routes
3. Look for redistribution errors
4. Use debug ip routing (Cisco)
5. Use TTL values and ping to trace loop
6. Fix by using proper route filtering, administrative distance, and summarization

8. Compare EIGRP with OSPF.


| Feature | EIGRP | OSPF |
|---|---|---|
| Type | Hybrid (Cisco) | Link-state |
| Metric | Bandwidth + Delay | Cost (based on bandwidth) |
| Convergence | Fast | Very Fast |
| Load balancing | Unequal supported | Equal only |
| Vendor | Cisco (now open) | Open standard |

9. How do IPv4 and IPv6 work together in a dual stack network?

Answer:
Dual Stack means devices run both IPv4 and IPv6 simultaneously.

🔹 Benefit: Gradual migration without affecting old systems
🔹 IPv4 used when possible
🔹 IPv6 preferred when both support it

10. What tools/commands would you use to troubleshoot NAT?

Answer:
🔧 Cisco NAT Troubleshooting Commands:
• show ip nat translations – View active NAT entries
• show ip nat statistics – NAT usage summary
• debug ip nat – Real-time packet translation check
• ping/traceroute – Check end-to-end reachability
• show run | include nat – Verify config

🔻 Extra CCNP Interview Questions (Advanced-Level)

11. What is the difference between Internal and External BGP?


| Internal BGP (iBGP) | External BGP (eBGP) |
|---|---|
| Between routers in same AS | Between routers in different AS |
| No loop prevention via AS | Loop prevention using AS-Path |
| Doesn't change next-hop | Next-hop is changed |
| TTL = 255 | TTL = 1 |

12. Explain BGP attributes: AS-Path, Local Preference, MED.


| Attribute | Use |
|---|---|
| AS-Path | Shows path taken; shortest is preferred |
| Local Preference | Used for outbound routing; higher is preferred |
| MED (Metric) | Suggests preferred inbound route; lower is better |

13. What are OSPF LSA types?


| LSA Type | Name | Purpose |
|---|---|---|
| 1 | Router LSA | Lists links, states, costs in area |
| 2 | Network LSA | Lists routers in a multi-access network |
| 3 | Summary LSA | Advertise between areas (ABR generated) |
| 4 | ASBR Summary LSA | Info about ASBR |
| 5 | External LSA | External routes injected (e.g., via BGP) |


14. What is route filtering?

Answer:
Controlling which routes are advertised or accepted using:

• Route maps
• Distribute lists
• Prefix lists

Used to enhance control and prevent routing loops.

15. Explain Stub and Totally Stubby Areas in OSPF.


| Type | Blocks LSA | Use Case |
|---|---|---|
| Stub Area | Blocks LSA 5 | No external routes allowed |
| Totally Stubby Area | Blocks LSA 3 & 5 | Only default route allowed |

Used to reduce routing table size in small branches.

16. What is the BGP split-horizon rule?

Answer:
In iBGP, a route learned from one iBGP peer is not advertised to another iBGP peer — prevents loops.
✅ Solution: Use full mesh or Route Reflector.

17. What is the use of prefix lists and route maps?

• Prefix list: Filters networks based on IP + mask
• Route map: More advanced filtering — match + set logic

Used in redistribution, filtering, policy routing.

18. What is a floating static route?

Answer:
A static route with higher administrative distance than the dynamic one — used as a backup.
Example:
Main route = OSPF (AD 110)
Backup route = static (AD 200)

19. What is the difference between RIB and FIB?


| RIB (Routing Information Base) | FIB (Forwarding Information Base) |
|---|---|
| Control plane | Data plane |
| Stores all routing protocol info | Stores best routes only |
| Used by CPU | Used by hardware for forwarding |

20. Explain the process of EIGRP neighbor formation.

✅ Steps:

1. Routers send Hello packets
2. If K-values match → neighbors form
3. Exchange of topology tables
4. DUAL algorithm calculates best path
5. Neighbors keep alive via Hellos

✅ Firewall & Network Security Interview Questions with Answers (Basic + Extra)

1. What are the different types of firewalls (Stateless vs Stateful)?


| Stateless Firewall | Stateful Firewall |
|---|---|
| Checks each packet individually | Keeps track of active connections |
| Fast but less secure | More secure, checks full session behavior |
| No memory of previous packets | Has memory (state table) |
| Example: ACL on a router | Example: Cisco ASA, Palo Alto NGFW |

2. What is the difference between Cisco ASA and Next-Gen Firewalls (NGFW)?

| Cisco ASA | Next-Generation Firewall (NGFW) |
|---|---|
| Traditional stateful inspection | Deep Packet Inspection + Application Control |
| Limited Layer 7 awareness | Fully Layer 7 (App-based filtering) |
| Basic VPN and NAT | Advanced Threat Protection, SSL Decryption |
| CLI based | Modern GUI + APIs |

3. What is a DMZ and why is it important in security?

Answer:
DMZ (Demilitarized Zone) is a separate zone in the firewall that hosts public-facing servers like:

• Web server
• Mail server
• DNS server

🔒 Purpose: External users can access DMZ but not internal LAN — adds a security layer.

4. What is the difference between IDS and IPS?


| IDS (Intrusion Detection System) | IPS (Intrusion Prevention System) |
|---|---|
| Detects and alerts only | Detects and blocks threats in real-time |
| Passive monitoring | Active prevention |
| Example: Snort (IDS mode) | Example: Cisco Firepower (IPS mode) |

5. Compare packet filtering and stateful inspection.


| Packet Filtering Firewall | Stateful Inspection Firewall |
|---|---|
| Checks only headers (source/destination IP, port) | Tracks full session (state) |
| No context of previous packets | Context-aware traffic decision |
| Faster but easier to bypass | More secure and accurate |

6. How does NAT function on firewalls?

Answer:
NAT (Network Address Translation) hides private IPs behind public IPs.
Firewalls use NAT to allow internal users to access the internet while remaining hidden.
🔹 Types used: Static NAT, Dynamic NAT, PAT (Port Address Translation)

7. What is a zone-based firewall?

Answer:
A zone-based firewall segments the network into zones (e.g., Inside, Outside, DMZ).
Rules are created between zones like:

• Inside → Outside: Allowed
• Outside → Inside: Denied unless specified

✅ More flexible than traditional interface-based rules.

8. What’s the difference between port-based and application-based filtering?


| Port-Based Filtering | Application-Based Filtering |
|---|---|
| Based on TCP/UDP ports (e.g., port 80) | Based on specific apps (e.g., Facebook, WhatsApp) |
| Less accurate | Deep inspection, more accurate |
| Easy to bypass with VPNs | Harder to evade |

9. Compare SSL VPN and IPsec VPN.


| SSL VPN | IPsec VPN |
|---|---|
| Works via browser | Needs client software |
| Uses SSL/TLS (port 443) | Uses IPsec protocol (ports 500/4500) |
| User-level access | Network-level access |
| Good for remote users | Site-to-site or full remote office |

10. How would you identify suspicious activity in firewall logs?

Answer:

🔍 Look for:

• Repeated blocked attempts from same IP
• Ports being scanned (Port Scan)
• Unauthorized IPs accessing internal resources
• Sudden traffic spikes
• High hit-count on deny rules

Use tools like SIEM (e.g., Splunk) for log analysis.
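
An added example (not from the original document) of the log checks listed above, run over constructed log lines in a made-up key=value format; the field names, thresholds and the INTERNAL_NET / TRUSTED_SOURCES ranges are assumptions. It covers repeated denies per source, port scans, allowed flows from untrusted sources to internal hosts, and deny-rule hit counts.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data in a made-up key=value format (not a real vendor format).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z action=deny rule=90 src=203.0.113.7 dst=192.168.1.100 dport=21
2024-05-01T10:00:01Z action=deny rule=90 src=203.0.113.7 dst=192.168.1.100 dport=22
2024-05-01T10:00:02Z action=deny rule=90 src=203.0.113.7 dst=192.168.1.100 dport=23
2024-05-01T10:00:02Z action=deny rule=90 src=203.0.113.7 dst=192.168.1.100 dport=25
2024-05-01T10:00:03Z action=deny rule=90 src=203.0.113.7 dst=192.168.1.100 dport=3389
2024-05-01T10:01:10Z action=deny rule=90 src=198.51.100.20 dst=192.168.1.100 dport=22
2024-05-01T10:01:11Z action=deny rule=90 src=198.51.100.20 dst=192.168.1.100 dport=22
2024-05-01T10:01:12Z action=deny rule=90 src=198.51.100.20 dst=192.168.1.100 dport=22
2024-05-01T10:01:13Z action=deny rule=90 src=198.51.100.20 dst=192.168.1.100 dport=22
2024-05-01T10:02:00Z action=allow rule=10 src=198.51.100.99 dst=192.168.1.100 dport=443
2024-05-01T10:02:30Z action=allow rule=15 src=203.0.113.50 dst=10.0.0.5 dport=445
2024-05-01T10:03:00Z action=deny rule=91 src=192.168.1.30 dst=8.8.8.8 dport=53
this line is malformed and is skipped
"""

# Assumed site layout for this example.
INTERNAL_NET = ip_network("10.0.0.0/24")
TRUSTED_SOURCES = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

LINE_RE = re.compile(
    r"^\S+ action=(?P<action>allow|deny) rule=(?P<rule>\d+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def parse(log_text):
    """Yield (action, rule, src, dst, dport) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        try:
            yield (m["action"], m["rule"], ip_address(m["src"]),
                   ip_address(m["dst"]), int(m["dport"]))
        except ValueError:
            continue  # an address field was not a valid IP

def triage(log_text, deny_threshold=4, scan_ports=4):
    denies = Counter()        # blocked attempts per source IP
    ports = defaultdict(set)  # distinct denied destination ports per source IP
    rule_hits = Counter()     # hit count per deny rule
    unauthorized = []         # allowed flows into INTERNAL_NET from untrusted sources
    for action, rule, src, dst, dport in parse(log_text):
        if action == "deny":
            denies[str(src)] += 1
            ports[str(src)].add(dport)
            rule_hits[rule] += 1
        elif dst in INTERNAL_NET and not any(src in n for n in TRUSTED_SOURCES):
            unauthorized.append((str(src), str(dst), dport))
    return {
        "repeated_denies": {s: c for s, c in denies.items() if c >= deny_threshold},
        "port_scanners": {s: sorted(p) for s, p in ports.items() if len(p) >= scan_ports},
        "deny_rule_hits": dict(rule_hits),
        "unauthorized_allowed": unauthorized,
    }

if __name__ == "__main__":
    for finding, value in triage(SAMPLE_LOG).items():
        print(finding, "->", value)
```

Sudden traffic spikes are not covered here; they need a per-interval baseline that a dozen sample lines cannot provide.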

🔻 Extra Firewall Interview Questions with Answers

11. What is Deep Packet Inspection (DPI)?

Answer:
DPI examines the entire content of packets (not just headers).
It can:

• Block apps (e.g., BitTorrent)
• Detect malware
• Enforce content policies

12. What is Stateful Inspection in a firewall?

Answer:
It tracks connection state (TCP handshake, session) and decides whether the packet is part of a valid session or not.

Example: If SYN seen first, then only allow ACKs.

13. Explain the concept of Zero Trust Networking.

Answer:
"Never trust, always verify" — no device is trusted, even inside the network.

✅ Requires:

• User authentication
• Micro-segmentation
• Constant verification

14. What is a Security Zone in firewall configuration?

Answer:
A logical group of interfaces. Examples:

• Inside
• Outside
• DMZ

Traffic is controlled between zones using policies.

15. What is UTM (Unified Threat Management)?

Answer:
UTM combines multiple security features into one box:

• Firewall
• Antivirus
• Antispam
• VPN
• Intrusion Prevention

Used in small/medium businesses for cost-effective security.

16. What is the role of NAT-T in VPNs?

Answer:
NAT Traversal (NAT-T) allows IPsec VPN to work across NAT devices by encapsulating IPsec inside UDP (port 4500).

17. What is application-aware filtering?

Answer:
Firewalls can detect and control traffic by application (not just port).
Example: Block Facebook but allow WhatsApp — even if they use same port.

18. Explain SSL decryption in NGFWs.

Answer:
The firewall decrypts SSL traffic, inspects it for threats, then re-encrypts it before sending.
✅ Used to:

• Stop malware hidden in HTTPS
• Enforce content policies

19. What is a firewall “hit count”?

Answer:
Shows how many times a rule has matched traffic.
Helpful in:

• Analyzing rule usage
• Removing unused rules
• Auditing activity

20. Difference between Inbound and Outbound firewall rules?


| Inbound Rule | Outbound Rule |
|---|---|
| Controls traffic coming into network | Controls traffic leaving network |
| Used to allow external access (e.g., web server) | Used to restrict user internet access |

✅ Scenario-Based Interview Questions with Urdu Explanation

1. A user cannot access the internet but LAN is working — how would you troubleshoot?

(A user cannot access the internet but the LAN is working fine. How would you resolve the problem?)

✅ Step-by-Step:

1. Check IP Configuration
➤ Command: ipconfig
(Check whether the user's IP address, subnet and gateway are correct.)
➤ If the IP starts with 169.254, it means no IP is being obtained from DHCP.
2. Ping Default Gateway
➤ Command: ping 192.168.1.1
(If the default gateway does not respond to ping, the problem is in the local LAN.)
3. Ping Public IP
➤ Command: ping 8.8.8.8
(If this ping fails, the problem may be on the NAT or ISP side.)
4. Ping Website Name (DNS Test)
➤ Command: ping google.com
(If the IP responds to ping but google.com does not, it is a DNS problem.)
5. Check Firewall / NAT Rules
(Check the NAT configuration on the firewall or router. Is traffic being blocked somewhere?)
6. Check Router/Modem Connection
(If everything is fine, the internet line or the modem may be causing the issue.)

2. "Duplicate IP Address" error — how will you fix it?

(A duplicate IP error is appearing on the network. How would you resolve it?)

✅ Step-by-Step:

1. Identify the conflict IP
➤ (Identify which IP is duplicated; the error message or ARP reveals it.)
2. Ping that IP and check MAC
➤ arp -a
➤ (You will find 2 different MAC addresses on the same IP, which means 2 devices are using the same IP.)
3. Find devices with static IPs
➤ (Check whether someone has set an IP manually.)
4. Change one device’s IP or set to DHCP
➤ (Change the IP address or set it to automatic (DHCP).)
5. Reserve IP in DHCP if needed
➤ (Reserve the IP on the DHCP server so that the conflict does not happen again.)

3. Two VLANs can't communicate — how do you fix it?

(Two VLANs are unable to talk to each other. What would you do?)

✅ Steps:

1. Check Inter-VLAN Routing is enabled
➤ (There must be a Layer 3 device (router or L3 switch) that routes between the VLANs.)
2. Check VLAN IPs & Subnets
➤ (Each VLAN should have a separate IP subnet, e.g., VLAN10 = 192.168.10.0, VLAN20 = 192.168.20.0)
3. Check Trunk Port Configuration
➤ (Trunk ports must be set properly on the switch so that multiple VLANs can be forwarded.)
4. Check ACL (if any)
➤ (If an Access Control List is applied, it can block communication between the VLANs.)

4. Write a firewall rule to allow only HTTP and HTTPS to a specific IP.

(Write a firewall rule that allows only HTTP and HTTPS traffic to one IP)

✅ Rule Example:

allow tcp from any to 192.168.1.100 port 80,443

✅ Explanation:
(This rule allows only port 80 (HTTP) and 443 (HTTPS) to IP 192.168.1.100 from any source; everything else will be denied)

5. How would you verify if NAT is working properly on a router?

(Is NAT working properly on the router or not? How would you check?)

✅ Steps:

1. Check NAT translations
➤ Command: show ip nat translations
➤ (Here you can see which public IP a private IP has been mapped to)
2. Check NAT statistics
➤ Command: show ip nat statistics
➤ (See whether packets are being translated or not)
3. Check ACL / NAT rules
➤ (Check whether the NAT rules in the router config are built correctly; check the access-list as well)
4. Ping from inside → outside
➤ (Ping the internet from an internal device; if a reply comes back, NAT is working properly)

6. Internet is slow for some users — how would you identify if it’s a Layer 1, 2, or 3 issue?

(The internet is slow for some users. How would you determine whether the issue is at Layer 1, 2 or 3?)

✅ Check list:

• Layer 1 (Physical):
➤ Check cables, loose connections, the NIC and duplex mismatch.
(For example, if the cable is at half duplex and the switch is at full duplex, performance can drop.)
• Layer 2 (Data Link):
➤ There may be load or a broadcast storm on the switch. Verify the MAC table.
(The switch CPU may be high, or loops can congest the network.)
• Layer 3 (Network):
➤ There may be a routing loop or a wrong default gateway.
(Use traceroute or ping to verify the route.)

7. A broadcast storm is occurring. How would you stop it?

(Broadcast traffic in the network has grown so much that the network is slow or going down. What would you do?)

✅ Solution:

• Enable Spanning Tree Protocol (STP)
(STP detects the loop and blocks it so that there is no infinite broadcast.)
• Use BPDU Guard / Root Guard
(Apply loop guard on access ports so that the network does not crash if someone connects a switch by mistake.)
• Avoid redundant links
(Extra cable connections without STP create broadcast storms.)

8. The remote branch VPN is down. How would you troubleshoot it?

(The VPN connection between two offices is down. What would you check?)

✅ Steps:

1. Check VPN tunnel status on both routers/firewalls
(Check with “show crypto isakmp sa” in the CLI or the VPN status in the GUI)
2. Verify Phase 1 / Phase 2 parameters
(Whether the encryption method, lifetime and hashing match or not)
3. Check pre-shared key
(A VPN key mismatch is common; it must be the same on both sides)
4. Confirm ACLs and NAT-T
(Is NAT blocking the traffic somewhere? Are ports 500 and 4500 open?)

9. A site-to-site IPsec VPN has to be built. What are the key steps?

(A secure VPN has to be built between two sites. Which configuration steps would you follow?)

✅ Main Steps:

1. Define ISAKMP policy
(Encryption: AES/3DES, Hashing: SHA/MD5, DH group, Lifetime)
2. Create transform-set
(This is used in Phase 2 for encryption)
3. Configure crypto ACL (interesting traffic)
(Define which traffic will pass through the VPN)
4. Apply crypto map and bind it to outgoing interface
(With this, packets will go into the VPN tunnel)
5. Configure NAT exemption and allow UDP 500 and 4500 on the firewall

10. An OSPF neighbor is stuck in the INIT state. What would you do?

(Two routers cannot become OSPF neighbors and are stuck in the INIT state. What should be checked?)

✅ Check list:

• Are Hello packets arriving or not?
(If the other router is not sending a hello reply, it stays stuck at INIT)
• Do the Hello / Dead timers match?
(The timers on both routers must be the same)
• Is the Area ID the same?
(If the OSPF area IDs mismatch, they cannot become neighbors at all)
• Is passive interface enabled?
(OSPF does not send hellos on a passive interface; check this)

11. An ACL has been applied but traffic is still passing. What would you check?

(An access control list has been applied but traffic is not being blocked. How would you diagnose it?)

✅ Steps:

• Is the ACL direction correct? (in/out)
(If it was applied in the wrong direction by mistake, it will have no effect)
• Has it actually been applied to the interface?
(Confirm with “show run” or “show access-lists”)
• Is the rule syntax correct?
(Whether the wildcard mask and permit/deny statement are written correctly)
• Is an implicit deny or an override happening at the end of the ACL?

12. Only one user cannot access the file server while everyone else can. What would you check?

(The issue affects only one user: the file server does not open. What would you troubleshoot?)

✅ Check list:

• Are the IP address and subnet correct?
• Is DNS resolving the server name?
• Is a firewall or antivirus blocking it?
• Is there an issue with the file server permissions?

13. The internet went down after a firewall upgrade. What would you check?

(A new firewall was installed or upgraded and now the internet is not working. How would you troubleshoot?)

✅ Steps:

• Are NAT rules missing?
(NAT rules are necessary for public access)
• Have the security zones changed?
(A new firewall has a default “deny”; allow rules have to be created)
• Are the DNS/HTTP ports open?
• Is SSL inspection blocking it?

14. DHCP is not giving IPs to new users. What could the problem be?

(New devices are not getting an IP. What would you check?)

✅ Steps:

• Is the DHCP pool full?
• Check the scope range and exclusions
• Is IP helper-address configured on the Layer 3 switch or not?
• Is the DHCP server reachable, or is it being blocked?

15. The application's traffic is allowed but the app is not working. What would you do?

(The port is allowed on the firewall but the application is not running. How would you troubleshoot?)

✅ Check:

• Is the app using dynamic ports?
• Is deep packet inspection (DPI) blocking it?
• Is SSL inspection corrupting the application?
• There may be an Application ID mismatch (a common issue in NGFWs)
