Lab 3.1 Segmentation 1
In this lab, we are going to segment our network by adding a new firewall and a new network (MGMT). We will retire our log01 server and replace it with a new server on the MGMT network.
List out any commands that were used or found to be helpful during the process.
New-LocalUser -Name "username"
creates a new user on Windows Powershell
Add-LocalGroupMember -Group "Administrators" -Member "user"
Adds to the Admin Group
Document any notes that were taken while working on the assignment.
- Set up wks01-david
- Named account
- IP settings
- Proper Wiring
- Hostname
Test (whoami, hostname, ping, etc.)
-
Make sure the HTTP page is accessible from the wks01
-
Set up fw-mgmt-david
- Named account
- IP settings
- Proper Wiring
- Hostname
- Set up DNS and interfaces on the fw-mgmt-box
- DNS
set service dns forwarding listen-address 172.16.150.2
set service dns forwarding allow-from 172.16.200.0/28
set service dns forwarding system
-Interfaces
'set interfaces ethernet ethx address [address]`
'set interfaces ethernet ethx description [desc]`
- Set up mgmt02-david
- Named account
- IP settings
- Proper Wiring
- Hostname
- Set up a new NAT rule (30)
Commands found in VyOS
- Kill Log01 and set up wazuh-david
- Named account
- IP settings
Used
/etc/netplanconf file
- Proper Wiring
- Hostname
Used
/etc/hostname
Include any additional notes or observations made while working on the assignment.
**List out any issues that were encountered while working on the assignment. **
- Ran into issues accessing the HTTP page from WKS01
If any issues were solved, list out the resolutions for each problem.
- To troubleshoot and fix the web server I first checked all of the wiring and networking on all of the boxes that were supposed to access it. None were able to access it as we went up the line and eventually after curling the ip, it was shown that no ports were open. I had forgot to make the ports stay open using the
--permanenttag forfirewall-cmd
List out any questions that arose while working on the assignment.
N/A