# FW01 Configuration

## Initial Setup
- Change password:
```
set system login user vyos authentication plaintext-password password
```

## Hostname Configuration
```
configure
set system host-name fw01-charlotte
commit
save
```

## Interface Configuration
```
configure
set interfaces ethernet eth0 description SEC350-WAN
set interfaces ethernet eth1 description CHARLOTTE-DMZ
set interfaces ethernet eth2 description CHARLOTTE-LAN
set interfaces ethernet eth0 address 10.0.17.151/24
set interfaces ethernet eth1 address 172.16.50.2/29
set interfaces ethernet eth2 address 172.16.150.2/24
commit
save
```

## Gateway & DNS Configuration
```
configure
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set system name-server 10.0.17.2
commit
save
```

## NAT Configuration
```
configure
# DMZ to WAN NAT
set nat source rule 10 description "NAT FROM DMZ to WAN"
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 172.16.50.0/29
set nat source rule 10 translation address masquerade

# LAN to WAN NAT
set nat source rule 20 description "NAT FROM LAN to WAN"
set nat source rule 20 outbound-interface eth0
set nat source rule 20 source address 172.16.150.0/24
set nat source rule 20 translation address masquerade

# MGMT to WAN NAT
set nat source rule 30 description "NAT FROM MGMT to WAN"
set nat source rule 30 outbound-interface eth0
set nat source rule 30 source address 172.16.200.0/28
set nat source rule 30 translation address masquerade

commit
save
```

## DNS Forwarding Configuration
```
configure
# DMZ DNS Forwarding
set service dns forwarding listen-address 172.16.50.2
set service dns forwarding allow-from 172.16.50.0/29

# LAN DNS Forwarding
set service dns forwarding listen-address 172.16.150.2
set service dns forwarding allow-from 172.16.150.0/24

set service dns forwarding system
commit
save
```

## Zone Configuration
```
configure
set zone-policy zone WAN interface eth0
set zone-policy zone DMZ interface eth1
set zone-policy zone LAN interface eth2
commit
save
```

## Firewall Configuration
copy current configuration from `configs` directory

## RIP Configuration
```
configure
set protocols rip interface eth2
set protocols rip network '172.16.50.0/29'
commit
save
```

## Syslog Configuration (remove when appropriate)
```
# When log01 is active
set system syslog host 172.16.50.5 facility authpriv level info

# When log01 is retired
delete system syslog host 172.16.50.5
```