Sec350‐Lab3 - ConnorEast/Tech-Journal GitHub Wiki

Command

	Section	Purpose
Firewall commands
configure	Fw01
set nat source rule 30 description "MGMT TO WAN"	Fw01 > Edit
set nat source rule 30 outbound-interface eth0	Fw01 > Edit
set nat source rule 30 source address 172.16.200.0/28	Fw01 > Edit
set nat source rule 30 translation address masquerade	Fw01 > Edit
set service dns forwarding listen-address 172.16.200.2	Fw01 > Edit
set protocols rip interface eth2
set protocols rip network 172.16.50.0/29
delete system syslog host 172.16.50.5
commit save	Fw01 > Edit
MANAGEMENT FIREWALL
configure	fw-mgmt01
set system host-name fw-mgmt01
set interfaces ethernet eth0 description sec350-lan
set interfaces ethernet eth1 description sec350-mgmt
set interfaces ethernet eth0 address 172.16.150.3/24
set interfaces ethernet eth1 address 172.16.200.2/28
set protocols static route 0.0.0.0/0 next-hop 172.16.150.2
set nat source rule 30 description "MGMT-LAN"
set nat source rule 30 outbound-interface eth0
set nat source rule 30 source address 172.16.200.0/28
set service dns forwarding listen-address 172.16.200.2
set nat source rule 30 translation address masquerade
set service dns forwarding allow-from 172.16.200.0/24
set system name-server 172.16.150.2
set protocols rip interface eth0
set protocols rip network '172.16.200.0/28'
commit save
Jump SEC 350
cd /etc/netplan
vi 00-installer-config.yaml
sudo netplan apply
sudo hostnamectl set-hostname wazuh-East

Deliverable:1

Deliverable 2: Web server connectivity

Deliverable 3

Deliverable 4

Deliverable 5

Deliverable 6

Deliverable 7

Command:

fw01-east	FW-mgmt01
set interfaces ethernet eth0 address '10.0.17.132/24' set interfaces ethernet eth0 description 'SEC350-WAN' set interfaces ethernet eth0 hw-id '00:50:56:a1:3c:11' set interfaces ethernet eth1 address '172.16.50.2/29' set interfaces ethernet eth1 description 'SEC350-DMZ' set interfaces ethernet eth1 hw-id '00:50:56:a1:27:b4' set interfaces ethernet eth0 address '172.16.150.2/24' set interfaces ethernet eth0 description 'SEC350-LAN' set interfaces ethernet eth0 hw-id '00:50:56:a1:f5:40' set nat source rule 10 description 'NAT FROM DMZ TO WAN' set nat source rule 10 outbound-interface 'ETH0' set nat source rule 10 source address '172.16.50.0/29' set nat source rule 10 translation address 'masquerade' set nat source rule 20 description 'NAT FROM DMZ TO WAN' set nat source rule 20 outbound-interface 'ETH0' set nat source rule 20 source address '172.16.150.0/24' set nat source rule 20 translation address 'masquerade' set protocols rip interface eth2 set protocols rip network '172.16.50.0/29' set protocols static route 0.0.0.0/0 next-hop 10.0.17.2 set service dns forwarding allow-from 172.16.50.0/29 set service dns forwarding allow-from 172.16.150.0/24 set service dns forwarding listen-address '172.16.50.2' set service dns forwarding listen-address '172.16.150.3' set service dns forwarding listen-address '172.16.150.2' set service dns forwarding system set service ssh listen-address '0/0/0/0' set system config-management commit-revisions '100' set system conntrack modules ftp set system conntrack modules h323 set system conntrack modules nfs set system conntrack modules pptp set system conntrack modules sip set system conntrack modules sqlnet set system conntrack modules tftp set system console device ttyS0 speed '115200' set system login user vyos authentication encrypted-password [~~REDACTED~~] set system login user vyos authentication plaintext-password '' set system ntp server time1.vyos.net set system ntp server time2.vyos.net set system ntp server time3.vyos.net set system name-server '10.0.17.2' set system syslog global facility all level 'info' set system syslog global facility protocols level 'debug'	set interfaces ethernet eth0 hw-id '00:50:56:a1:3a:2a' set interfaces ethernet eth1 hw-id '00:50:56:a1:cc:4b' set interfaces loopback lo set system config-management commit-revisions '100' set system conntrack modules ftp set system conntrack modules h323 set system conntrack modules nfs set system conntrack modules pptp set system conntrack modules sip set system conntrack modules sqlnet set system conntrack modules tftp set system console device ttyS0 speed '115200' set system login user vyos authentication encrypted-password [~~REDACTED~~] set system login user vyos authentication plaintext-password '' set system ntp server time1.vyos.net set system ntp server time2.vyos.net set system ntp server time3.vyos.net

Sec350‐Lab3 - ConnorEast/Tech-Journal GitHub Wiki

Deliverable:1

Deliverable 2: Web server connectivity

Deliverable 3

Deliverable 4

Deliverable 5

Deliverable 6

Deliverable 7

Command:

⚠️ **GitHub.com Fallback** ⚠️

⚠️ GitHub.com Fallback ⚠️