3.1 Segmentation 1 - Cyber-JL/SEC-350-01 GitHub Wiki

WSK01 Configuration

   IP Address:  172.16.150.50
   Netmask:  255.255.255.0
   Gateway:  172.16.150.2
   DNS:  172.16.150.2
   hostname: wsk01-jude
   new user: jude

fw01 - LAN Configuration

   configure
   set service dns forwarding allow-from 172.16.200.0/28
   commit
   save

fw-mgmt Configuration

   Network adapter 1: SEC350-01-LAN-jude.lindale
   Network adapter 2: SEC350-01-MGMT-jude.lindale

   configure
   set interfaces ethernet eth0 description SEC350-LAN
   set interfaces ethernet eth1 description SEC350-MGMT
   set interfaces ethernet eth0 address 172.16.150.3/24
   set interfaces ethernet eth1 address 172.16.200.2/28
   set protocols static route 0.0.0.0/0 next-hop 172.16.150.2
   set system name-server 172.16.150.2
   commit
   save
   exit

mgmt02 Configuration

   Network adapter 1: SEC350-01-MGMT-jude.lindale
   IP Address:  172.16.200.11
   Netmask:  255.255.255.240 (yes, this is a /28)
   Gateway:  172.16.200.2
   DNS:  172.16.200.2
   hostname: mgmt02-jude
   admin user: jude

RIP on FW1 and FW-MGMT

  • FW1

     configure
     set protocols rip interface eth2
     set protocols rip network 172.16.50.0/29
     set service dns forwarding allow-from 172.16.200.0/28
     set nat source rule 30 description "NAT FROM MGMT to WAN"
     set nat source rule 30 outbound-interface eth0
     set nat source rule 30 source address 172.16.200.0/28
     set nat source rule 30 translation address masquerade
     commit
     save
     exit
    
  • FW-MGMT

     configure
     set protocols rip interface eth0
     set protocols rip network 172.16.200.0/28
     commit
     save
     exit
    

wazuh Configuration

   IP: 172.16.200.10/28
   Gateway:  172.16.200.2
   DNS: 172.16.200.2
   Hostname: wazuh-jude

Update client logging configurations

  • web01

     cd /etc/rsyslog.d
     sudo rm sys350.conf
    
  • fw1

     configure
     delete system syslog host 172.16.50.5
     commit
     save
     exit