migrate to git.charlotte.sh
This commit is contained in:
Charlotte Croce
commit
fbd588721e
412 changed files with 13750 additions and 0 deletions
109
net-sec-controls-sec350/machines/FW01.md
Normal file
109
net-sec-controls-sec350/machines/FW01.md
Normal file
|
|
@ -0,0 +1,109 @@
|
|||
# FW01 Configuration
|
||||
|
||||
## Initial Setup
|
||||
- Change password:
|
||||
```
|
||||
set system login user vyos authentication plaintext-password password
|
||||
```
|
||||
|
||||
## Hostname Configuration
|
||||
```
|
||||
configure
|
||||
set system host-name fw01-charlotte
|
||||
commit
|
||||
save
|
||||
```
|
||||
|
||||
## Interface Configuration
|
||||
```
|
||||
configure
|
||||
set interfaces ethernet eth0 description SEC350-WAN
|
||||
set interfaces ethernet eth1 description CHARLOTTE-DMZ
|
||||
set interfaces ethernet eth2 description CHARLOTTE-LAN
|
||||
set interfaces ethernet eth0 address 10.0.17.151/24
|
||||
set interfaces ethernet eth1 address 172.16.50.2/29
|
||||
set interfaces ethernet eth2 address 172.16.150.2/24
|
||||
commit
|
||||
save
|
||||
```
|
||||
|
||||
## Gateway & DNS Configuration
|
||||
```
|
||||
configure
|
||||
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
|
||||
set system name-server 10.0.17.2
|
||||
commit
|
||||
save
|
||||
```
|
||||
|
||||
## NAT Configuration
|
||||
```
|
||||
configure
|
||||
# DMZ to WAN NAT
|
||||
set nat source rule 10 description "NAT FROM DMZ to WAN"
|
||||
set nat source rule 10 outbound-interface eth0
|
||||
set nat source rule 10 source address 172.16.50.0/29
|
||||
set nat source rule 10 translation address masquerade
|
||||
|
||||
# LAN to WAN NAT
|
||||
set nat source rule 20 description "NAT FROM LAN to WAN"
|
||||
set nat source rule 20 outbound-interface eth0
|
||||
set nat source rule 20 source address 172.16.150.0/24
|
||||
set nat source rule 20 translation address masquerade
|
||||
|
||||
# MGMT to WAN NAT
|
||||
set nat source rule 30 description "NAT FROM MGMT to WAN"
|
||||
set nat source rule 30 outbound-interface eth0
|
||||
set nat source rule 30 source address 172.16.200.0/28
|
||||
set nat source rule 30 translation address masquerade
|
||||
|
||||
commit
|
||||
save
|
||||
```
|
||||
|
||||
## DNS Forwarding Configuration
|
||||
```
|
||||
configure
|
||||
# DMZ DNS Forwarding
|
||||
set service dns forwarding listen-address 172.16.50.2
|
||||
set service dns forwarding allow-from 172.16.50.0/29
|
||||
|
||||
# LAN DNS Forwarding
|
||||
set service dns forwarding listen-address 172.16.150.2
|
||||
set service dns forwarding allow-from 172.16.150.0/24
|
||||
|
||||
set service dns forwarding system
|
||||
commit
|
||||
save
|
||||
```
|
||||
|
||||
## Zone Configuration
|
||||
```
|
||||
configure
|
||||
set zone-policy zone WAN interface eth0
|
||||
set zone-policy zone DMZ interface eth1
|
||||
set zone-policy zone LAN interface eth2
|
||||
commit
|
||||
save
|
||||
```
|
||||
|
||||
## Firewall Configuration
|
||||
copy current configuration from `configs` directory
|
||||
|
||||
## RIP Configuration
|
||||
```
|
||||
configure
|
||||
set protocols rip interface eth2
|
||||
set protocols rip network '172.16.50.0/29'
|
||||
commit
|
||||
save
|
||||
```
|
||||
|
||||
## Syslog Configuration (remove when appropriate)
|
||||
```
|
||||
# When log01 is active
|
||||
set system syslog host 172.16.50.5 facility authpriv level info
|
||||
|
||||
# When log01 is retired
|
||||
delete system syslog host 172.16.50.5
|
||||
```
|
||||
Loading…
Add table
Add a link
Reference in a new issue