vyOS Firewall Setup and Commands - devinziegler/Devin-Tech-Journal GitHub Wiki

vyOS initial setup

vyOS is a console-based network appliance; it will work as the router in this environment. This system has three network adapters: one for WAN, one for the DMZ and one for the LAN. Because these machines are virtualized, these adapters have to be assigned in vCenter. Keep note of which MAC addresses correspond to each assigned network segment.

Getting to know vyOS:

  1. To configure things in the vyOS terminal, config mode must be entered. Do this by typing configure in the terminal.

  2. Setting the hostname can be done using set system host-name <your_host_name>.

  3. Once a setting is changed, it can be committed to the running config using commit. Any changes that are committed can be saved to the startup config using save.

  4. Showing your interfaces can be helpful; run show interfaces to see the current config.

Changing Password for vyos user

  1. Make sure configure mode is active.

  2. Run the following command to set a password for a specific user:

set system login user <username> authentication plaintext-password <password>

  3. Make sure to commit and save changes.

Assigning interfaces:

  1. Labeling interfaces is imperative to keeping track of which adapters correspond to each network. They can be labeled with the following:

set interfaces ethernet <interface_name> description <interface_description>

Make sure to commit and save changes.

  2. Once descriptions are set, addresses can be assigned to the interfaces using the following command:

set interfaces ethernet <interface_name> address <ipaddress>/<subnet_mask>

Setting Default route:

  1. This system needs to be able to route traffic to the internet; set the default route using the following:

set protocols static route 0.0.0.0/0 next-hop <default-route-address>

In my case, the default route address is 10.0.17.2

  2. Set the default name server:

set system name-server <name_server_address>

In my case, the DNS name server is also 10.0.17.2

After all setup is complete, the system should be able to ping resources on the internet, e.g. google.com.

Helpful commands (Future additions)

Setting up source NAT rules is required before the internal networks can communicate with the WAN. This is an example of NAT rule 30, used to connect MGMT to WAN:

set nat source rule 30 description 'NAT FROM MGMT to WAN'
set nat source rule 30 outbound-interface 'eth0'
set nat source rule 30 source address '172.16.200.0/28'
set nat source rule 30 translation address 'masquerade'

Successful configurations will allow the MGMT network to access resources on WAN.

RIP routing

Now that there are two firewalls in the network, it is important not to double NAT; instead, use a routing protocol like RIP to advertise a network. Here is an example of how RIP is used on fw01 to advertise the LAN network:

set protocols rip interface eth2
set protocols rip network 172.16.50.0/29

RIP will also be used on the new firewall fw-MGMT to advertise the MGMT network:

set protocols rip interface eth0
set protocols rip network '172.16.200.0/28'
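As an added example (not part of this journal), the Python script below assembles the interface, default-route and source-NAT commands from this page for one firewall and sanity-checks them before they are pasted into configure mode: the next-hop must sit on a connected subnet, and a masquerade source must be either a connected network or one learned over RIP from the other firewall, which is how a rule that would double NAT a network shows up as a warning. The WAN host address and DMZ subnet in the sample are assumptions; the page only gives the next-hop, the LAN and the MGMT values.

```python
import ipaddress

def build_fw_config(interfaces, next_hop, nat_rules, rip_networks):
    """Emit VyOS 'set' commands for one firewall and return (commands, warnings).
    interfaces: {name: (description, "address/prefix")}; nat_rules: {number:
    (description, outbound_interface, source_cidr)}; rip_networks: CIDRs this
    firewall learns from the other one via RIP."""
    cmds, warnings = [], []
    connected = {}
    for name, (desc, cidr) in interfaces.items():
        connected[name] = ipaddress.ip_interface(cidr).network
        cmds.append(f"set interfaces ethernet {name} description '{desc}'")
        cmds.append(f"set interfaces ethernet {name} address '{cidr}'")
    # The next-hop must sit on a directly connected subnet, otherwise the
    # default route can never be resolved and the box has no path out.
    gw = ipaddress.ip_address(next_hop)
    cmds.append(f"set protocols static route 0.0.0.0/0 next-hop {gw}")
    if not any(gw in net for net in connected.values()):
        warnings.append(f"next-hop {gw} is not on any connected subnet")
    routable = list(connected.values()) + [ipaddress.ip_network(n) for n in rip_networks]
    for num, (desc, out_if, src) in nat_rules.items():
        src_net = ipaddress.ip_network(src)
        cmds += [
            f"set nat source rule {num} description '{desc}'",
            f"set nat source rule {num} outbound-interface '{out_if}'",
            f"set nat source rule {num} source address '{src}'",
            f"set nat source rule {num} translation address 'masquerade'",
        ]
        if out_if not in connected:
            warnings.append(f"NAT rule {num}: unknown outbound interface {out_if}")
        # Only masquerade networks this firewall really routes for: a connected
        # subnet or one RIP advertised to it. A miss is a typo, or a network the
        # other firewall should be routing instead (the double-NAT case).
        if not any(src_net.subnet_of(net) for net in routable):
            warnings.append(f"NAT rule {num}: source {src} is neither connected nor RIP-learned")
    return cmds, warnings

# Constructed sample for fw01. The WAN host address and DMZ subnet are assumptions;
# the page gives only the next-hop 10.0.17.2, LAN 172.16.50.0/29 and MGMT 172.16.200.0/28.
FW01_INTERFACES = {
    "eth0": ("WAN", "10.0.17.10/24"),
    "eth1": ("DMZ", "172.16.150.1/28"),
    "eth2": ("LAN", "172.16.50.1/29"),
}
FW01_NAT = {
    30: ("NAT FROM MGMT to WAN", "eth0", "172.16.200.0/28"),
    40: ("NAT FROM LAN to WAN", "eth0", "172.16.50.0/29"),
}
```

Run it once with the MGMT network in `rip_networks` (rule 30 is accepted because fw-MGMT advertises it) and once with an empty list to see rule 30 flagged as a network fw01 has no route for.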