Lab 01 - michael-D-S/SYS-255 GitHub Wiki

Michael Sargent SYS-255-02, 8/31/2024

Lab01 ,Tech Journal

Overview:

Within this lab the goal was to configure the WAN and LAN connections on the firewall and connect the workstation to the internet, as well as set up the admin user and rename the workstation.

Logins for future labs:

Admin Login: @dm1n10g1n

pfsense admin: refer to Canvas

New commands:

To shorten a ping to 1 packet use the command: ping -n 1

To limit the number of hops for a traceroute: tracert /h (Maximum number of Hops)

Lab Notes:

  • Select 1 to reassign Network Interfaces and follow the following steps: For due diligence, double check the MAC addresses to match what vSphere displays above. In this example, we cabled the WAN network adapter on 00:50:56:B3:65:C0 in vSphere, which matches em0 in PfSense. This is good as it means we cabled it correctly and PfSense sees the Network Adapter we want to use for WAN connectivity. The similar principle of matching MAC addresses applies to the LAN network adapter and its MAC address displaying in PfSense for em1. If these MAC addresses do not match, then effectively you have miscabled the VM, and thus no network connectivity until that is resolved.
  • Do not configure VLANs now
  • The WAN interface name should be changed to em0
  • The LAN interface name should be changed to em1
  • If prompted for an optional interface, just select
  • If successful, your interfaces should look like this:
    • The Interfaces will be assigned as follows:
    • WAN -> eM0
    • LAN -> eM1
  • When prompted to proceed, do so.
  • Select 2 to Set interface IP Address
  • Select 1 again to pick the WAN interface
  • Do not use DHCP for the WAN IPv4 address
  • You are using a 24 bit subnet mask
  • For the WAN, your upstream gateway is 10.0.17.2
  • Use the gateway as your IPv4 name server as well
  • We will not be using IPv6, respond no when asked about DHCP.
  • Press to bypass IPv6 configuration
  • When asked about HTTP for the GUI, respond no (we want to use secure https)
  • Select 2 again to configure the other Interface's IP Address
  • Select 2 to pick the LAN interface
  • We are not using DHCP
  • Your LAN IP Address is 10.0.5.2. This is the same for every student.
  • You are using a 24 bit subnet mask
  • You do not have an upstream LAN gateway (you are the gateway for the LAN). Press
  • No DHCP
  • Press to bypass IPv6 configuration
  • Do not enable a LAN DHCP Server
  • Do not revert to HTTP

WKS01: *Open File Explorer *Right-click on “This PC” *Click “Properties” *Click on “Change Settings” *Click “Change” next to “To rename this computer…” *Then type: wks01-yourfirstname *Check “firstname” to your real first name.

  • Set IP address to 10.0.5.100
  • Subnet mask to /24
  • Default gateway to 10.0.5.2
  • Preferred DNS server to 10.0.5.2

FW01 GUI Config: *You may have noticed that your Windows 10 system is not connected to the internet, so we will need to adjust our firewall (fw01) to make this happen. Navigate to fw01's IP LAN IP address (bypass any certificate warning). Use the same password you used when logging into the PfSense console. The following are screens where you need to change the default. Skip over the wizard and leave the setting checked to override the DNS server on PPP/WAN

  • System Wizard: General Information
  • Hostname: fw1-yourfirstname
  • Domain: yourfirstname.local
  • Primary DNS: 8.8.8.8
  • Secondary DNS: 1.1.1.1
  • System Wizard: Configure WAN Interface
  • RFC1918 Networks: Uncheck "Block private networks from entering via WAN"
  • System / User Manager: Set Root Password
  • Up to you. If you set it, then you need to remember it!

Add Local Admin:

  • Look up lusrmgr.msc
  • Add a new local user (note, added -loc), and don’t forget those password reminders. Now let’s change the account type.
    • User name: michael.sargent-loc
    • Full: michael.sargent-loc
    • Decription: New Local Admin Acct
  • Add user to local admin group
  • Log out and back in
⚠️ **GitHub.com Fallback** ⚠️