Tech Journal Week 1 - ArtTHEbard/SYS255FA19-Notes GitHub Wiki
Creating a Firewall
- Workstations are on a private IP (10.0.0.0) and therefore cannot connect to the internet without the help of a gateway.
- /24 = CIDR notation (subnet mask); it dictates how many bits of the host ID are used for the network ID, limiting the number of available IP addresses.
- The firewall VM acts as a firewall, Gateway, and router.
- root/Ch@mpl@1n!19
Configuring vSphere (Lab 1)
- The goal of this lab was to establish a working network using a server VM and a Windows Workstation VM. Within the first VM, which was running OPNsense, I configured the VM to act as a firewall connected to a LAN (em1 10.0.5.2) and a WAN (em0 10.0.17.164). In the Workstation VM, I configured the network settings to connect to the same LAN as my Firewall VM (static IP: 10.0.5.100, Default Gateway: 10.0.5.2, and DNS: 10.0.5.2). Once I was able to establish a connection to the Firewall GUI through the workstation (10.0.5.2 in browser) (see Issues), I configured the firewall to allow traffic to transfer between the LAN and the WAN that the firewall was connected to. I set up my local domain as samjohnson.local. Once these steps were complete, I was able to access the Internet through the WAN using the workstation (confirmed using the tracert command in PowerShell).
- Select 2 to Set interface IP Address
- Select 2 again to pick the WAN interface
- Do not use DHCP to configure the WAN IPv4 address
- Enter your address of 10.0.17.x, where x is your assigned /24 octet
- You are using a 24-bit subnet mask
- For the WAN, your upstream gateway is 10.0.17.2
- Use the gateway as your IPv4 name server as well
- We will not be using IPv6, respond no when asked about DHCP.
- Press to bypass IPv6 configuration
- When asked about HTTP for the GUI, respond no (we want to use secure HTTPS)
- Select 2 again to configure the other Interface's IP Address
- Select 1 to pick the LAN interface
- We are not using DHCP
- Your LAN IP Address is 10.0.5.2. This is the same for every student.
- You are using a 24-bit subnet mask
- You do not have an upstream LAN gateway (you are the gateway for the LAN). Press
- No DHCP
- Press to bypass IPv6 configuration
- Do not enable a LAN DHCP Server
- Do not revert to HTTP
- The following are screens where you need to change the default.
  - System Wizard: General Information
    - Hostname: fw1-yourname
    - Domain: yourname.local
  - System Wizard: Configure WAN Interface
    - RFC1918 Networks: Uncheck "Block private networks from entering via WAN"
  - System Wizard: Set Root Password
    - Up to you. If you set it you need to remember it.
Issues
- I had a major issue during this lab in regards to virtual cable management. I had mixed my interfaces for the LAN and the WAN in the firewall configuration, and because of this, I was unable to connect to the firewall from the workstation.
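
The addressing used in this lab, and the LAN/WAN mix-up described under Issues, can be checked on paper before touching the VMs. The following is an added example, not part of the original notes: the port-group names `WAN-net` and `LAN-net` and all function names are hypothetical, and it assumes each virtual cable attaches to one of the two /24 segments implied by the addresses above.

```python
import ipaddress as ipa

# Constructed from the addresses in the notes; the port-group names
# "WAN-net" and "LAN-net" are hypothetical labels for the virtual cables.
SEGMENTS = {"WAN-net": ipa.ip_network("10.0.17.0/24"),
            "LAN-net": ipa.ip_network("10.0.5.0/24")}
FIREWALL = {
    "em0": {"role": "WAN", "cable": "WAN-net", "ip": "10.0.17.164/24", "gw": "10.0.17.2"},
    "em1": {"role": "LAN", "cable": "LAN-net", "ip": "10.0.5.2/24", "gw": None},
}
WORKSTATION = {"cable": "LAN-net", "ip": "10.0.5.100/24", "gw": "10.0.5.2", "dns": "10.0.5.2"}
RFC1918 = [ipa.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(firewall, workstation, segments=SEGMENTS):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, lan_ip = [], None
    for nic, cfg in firewall.items():
        iface = ipa.ip_interface(cfg["ip"])
        # The address must belong to the segment the NIC is cabled to.
        if iface.ip not in segments[cfg["cable"]]:
            problems.append(f"{nic} ({cfg['role']}): {iface.ip} is not on {cfg['cable']}")
        # An upstream gateway is only usable if it is on-link.
        if cfg["gw"] and ipa.ip_address(cfg["gw"]) not in iface.network:
            problems.append(f"{nic}: gateway {cfg['gw']} is outside {iface.network}")
        if cfg["role"] == "LAN":
            lan_ip = iface.ip
    ws = ipa.ip_interface(workstation["ip"])
    if ws.ip not in segments[workstation["cable"]]:
        problems.append(f"workstation {ws.ip} is not on {workstation['cable']}")
    for key in ("gw", "dns"):  # both point at the firewall's LAN address in this lab
        if ipa.ip_address(workstation[key]) != lan_ip:
            problems.append(f"workstation {key} {workstation[key]} is not the firewall LAN IP")
    return problems

def wan_is_rfc1918(firewall):
    """True when the WAN address is private; 'Block private networks from
    entering via WAN' would then drop new connections from WAN-side lab hosts."""
    wan = next(c for c in firewall.values() if c["role"] == "WAN")
    return any(ipa.ip_interface(wan["ip"]).ip in net for net in RFC1918)

def swap_cables(firewall):
    """Model the cabling mix-up: same IP settings, virtual cables exchanged."""
    swapped = {nic: dict(cfg) for nic, cfg in firewall.items()}
    swapped["em0"]["cable"], swapped["em1"]["cable"] = swapped["em1"]["cable"], swapped["em0"]["cable"]
    return swapped

if __name__ == "__main__":
    print(check_plan(FIREWALL, WORKSTATION))
    print(check_plan(swap_cables(FIREWALL), WORKSTATION))
```

With the cables exchanged, both firewall interfaces are reported as sitting on the wrong segment while the workstation settings still look correct, which matches the symptom of an unreachable firewall GUI.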
Topics for further Research