Lab01 - Liam-DiFalco/Sys255-FA24 GitHub Wiki

Lab 01 - Virtual Firewall and Windows 10 Configuration


💡This lab is the very first step in building a small enterprise network and will serve as the foundation of future labs.  Some of you may be familiar with VMWare Workstation.  This environment is very similar but allows remote access and leverages the VMWare vsphere product.  In this lab you will:Become familiar with your lab environmentConfigure your own firewall that separates your student local area network from the other students in the class (SYS255-WAN)Configure a single Windows 10 Workstation to communicate with the Internet --




fw01 gui configuration

You may have noticed that your Windows 10 system is not connected to the internet, so we will need to adjust our firewall (fw01) to make this happen.  Navigate to fw01's IP LAN IP address (bypass any certificate warning).


Use the same password you used when logging into the PfSense console.


The following are screens where you need to change the default.

Skip over the wizard and leave the setting checked to override the DNS server on PPP/WAN

  • System Wizard: General Information

    • Hostname: fw1-yourfirstname

    • Domain: yourfirstname.local

    • Primary DNS: 8.8.8.8

    • Secondary DNS: 1.1.1.1

  • System Wizard:  Configure WAN Interface

    • RFC1918 Networks:  Uncheck "Block private networks from entering via WAN"

  • System / User Manager:  Set Root Password

    • Up to you. If you set it, then you need to remember it!

Lab 01 - Virtual Firewall and Windows 10 Configuration

💡This lab is the very first step in building a small enterprise network and will serve as the foundation of future labs. Some of you may be familiar with VMWare Workstation. This environment is very similar but allows remote access and leverages the VMWare vsphere product. In this lab you will:

Become familiar with your lab environment Configure your own firewall that separates your student local area network from the other students in the class (SYS255-WAN) Configure a single Windows 10 Workstation to communicate with the Internet

Resources URL for WAN IP: please refer to Network Assignments via Canvas Homepage URL for Remote Access to get on Champlain Network: https://viewportal.champlain.edu/ URL for vSphere once on Champlain Network: https://vcenter02.cyber.local

PfSense - fw01

The PfSense firewall will provide routing services between a Local Area Network and Wide Area Network in your VSphere environment.

Figure out how to modify the settings of your fw01 VM, and make sure that the first network adapter is assigned to WAN and the second assigned to the LAN-yourname network as shown in the following figure.

Essentially, you have “cabled” your firewall VM’s 2x network adapters.

Power on your fw01 VM and Open a VM Console

Find the menu items or icons that allow you to first power on, and then open a web console to your firewall virtual machine.

Your console should now look similar to the following after power on and login:

💡The default username and password for pfsense is listed in Default Passwords on our Home Page

Your WAN and LAN are either missing network configuration information or contain default IP addresses. PfSense also assumes that the first interface is wired to your LAN, which is incorrect. In the next few steps, we will assign our interfaces to the appropriate network and configure IP addresses on each interface. Step 1: Assign Interfaces Our interfaces should be assigned in the same order as they appeared in our VMWare configuration, namely the WAN should be associated with the first interface and the LAN should be associated with the second interface.

To double check & match network interface addresses, first find out the MAC addresses of the FW01’s network interfaces:

Select 1 to reassign Network Interfaces and follow the following steps: For due diligence, double check the MAC addresses to match what vSphere displays above. In this example, we cabled the WAN network adapter on 00:50:56:B3:65:C0 in vSphere, which matches em0 in PfSense. This is good as it means we cabled it correctly and PfSense sees the Network Adapter we want to use for WAN connectivity. The similar principle of matching MAC addresses applies to the LAN network adapter and its MAC address displaying in PfSense for em1. If these MAC addresses do not match, then effectively you have miscabled the VM, and thus no network connectivity until that is resolved.

Do not configure VLANs now The WAN interface name should be changed to em0 The LAN interface name should be changed to em1 If prompted for an optional interface, just select If successful, your interfaces should look like this:

When prompted to proceed, do so. Step 2: Set interface IP address The first interface em0 will be assigned to an WAN address that is documented in the course Network Assignments in Canvas. This interface represents the outside of your network. Make sure to use your assigned IP address instead of the instructor IP address shown in the following screenshots. Select 2 to Set interface IP Address Select 1 again to pick the WAN interface Do not use DHCP for the WAN IPv4 address You are using a 24 bit subnet mask For the WAN, your upstream gateway is 10.0.17.2 Use the gateway as your IPv4 name server as well We will not be using IPv6, respond no when asked about DHCP. Press to bypass IPv6 configuration When asked about HTTP for the GUI, respond no (we want to use secure https) Select 2 again to configure the other Interface's IP Address Select 2 to pick the LAN interface We are not using DHCP Your LAN IP Address is 10.0.5.2. This is the same for every student. You are using a 24 bit subnet mask You do not have an upstream LAN gateway (you are the gateway for the LAN). Press No DHCP Press to bypass IPv6 configuration Do not enable a LAN DHCP Server Do not revert to HTTP

💣Use your assigned IP address 10.0.17.1XX here for the WAN address, not the instructor's as shown below.

We will come back to fw01 to complete the configuration through the web interface once we have a Windows 10 client to use.

Windows 10 - wks01 Figure out how to adjust wks01's VMWare Network Configuration such that it is on your LAN segment (see below):

Your hostname/computer name should be set to wks01-yourfirstname.

Open File Explorer Right-click on “This PC” Click “Properties” Click on “Change Settings” Click “Change” next to “To rename this computer…” Then type: wks01-yourfirstname Check “firstname” to your real first name.

💡The Windows 10 desktop system (wks01) will display the champuser username which uses its default password (in Canvas). You will need to set up a new local administrator account, which you will use for the rest of the term.

Here are specific instructions on how to add a new local administrative user.

You should be now in your new local admin account, with your new hostname.

Make sure you have the following network configuration items taken care of following installation:

💣Remember any passwords you used so far!

fw01 gui configuration You may have noticed that your Windows 10 system is not connected to the internet, so we will need to adjust our firewall (fw01) to make this happen. Navigate to fw01's IP LAN IP address (bypass any certificate warning).

Use the same password you used when logging into the PfSense console.

The following are screens where you need to change the default. Skip over the wizard and leave the setting checked to override the DNS server on PPP/WAN System Wizard: General Information Hostname: fw1-yourfirstname Domain: yourfirstname.local Primary DNS: 8.8.8.8 Secondary DNS: 1.1.1.1 System Wizard: Configure WAN Interface RFC1918 Networks: Uncheck "Block private networks from entering via WAN" System / User Manager: Set Root Password Up to you. If you set it, then you need to remember it!

⚠️ **GitHub.com Fallback** ⚠️