Task 4 - Introduction to pfSense Firewall and VLANs
Version | Status | Date | Author |
---|---|---|---|
0.1 | First draft | 27.10.2023 | Emily Schmid |
4.1 Initial situation
Task 4 builds on the network from task 3, so have that network at hand before you start.
In this task you build a simplified version of the internal Rafisa network containing the most important VLANs currently in use. Once you can solve this task, you should be able to understand and rebuild the complete Rafisa network.
4.2 Resources
Use the resources listed here as needed; they are sufficient to complete this task.
1: Cisco command line reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_46_se/command/reference/cr1/intro.pdf
2: Create and manage VLANs and trunk ports on a Cisco switch: VLAN management on Cisco switch
3: pfSense management - configure and create VLANs and set firewall rules:
4: Configuring VLANs on a Cisco switch:
5: Introduction to trunks:
6: Introduction to access ports:
4.3 Configuration to be realised
(Use the image below as a guide.)
Addressing: the third octet is the VLAN ID. For the VLANs that use DHCP, the pool runs from 172.25.X.100 to 172.25.X.254, where X is 1, 21, 22, 23 or 50 (e.g. 172.25.21.100 to 172.25.21.254 for VLAN 21).
- VLAN01_MGMT - DHCP
- VLAN10_SRVAUTH - Static
- VLAN21_CLAUSB - DHCP
- VLAN22_CLLERN - DHCP
- VLAN23_CLGUEST - DHCP
- VLAN40_LP - Static
- VLAN50_LAB00 - DHCP
- pfSense Firewall Rules according to authorisation matrix.
Authorisation matrix for pfSense rules:
The table shows which VLAN may open connections to which other VLAN (green tick = allowed). Read it as rows = the VLAN that initiates the connection, columns = the VLAN it wants to reach. Taking VLAN10_SRVAUTH as an example: it may talk to its own VLAN and to VLAN40_LP, but a device in 10_SRVAUTH may not open a connection to 01_MGMT. The reverse is allowed: a device in 01_MGMT may connect to a device in VLAN 10. Because pfSense is a stateful firewall, the reply traffic of an allowed connection is passed automatically, so a tick is only about who may initiate; do not add a rule in the other direction to "let the answers back". Remember that traffic between two hosts in the same VLAN is switched directly and never passes through pfSense, so the diagonal of the table needs no firewall rule. Anything not explicitly allowed must be blocked (pfSense denies by default on interfaces without a matching pass rule, but an explicit block rule keeps the intent visible and survives a later "allow to any" rule for Internet access).
From \ To | 01 | 10 | 21 | 22 | 23 | 40 | 50 |
---|---|---|---|---|---|---|---|
01_MGMT | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
10_SRVAUTH | ❌ | ✔️ | ❌ | ❌ | ❌ | ✔️ | ❌ |
21_CLAUSB | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
22_CLLERN | ❌ | ✔️ | ❌ | ✔️ | ❌ | ✔️ | ❌ |
23_CLGUEST | ❌ | ❌ | ❌ | ❌ | ✔️ | ❌ | ❌ |
40_LP | ❌ | ✔️ | ❌ | ✔️ | ❌ | ✔️ | ❌ |
50_LAB00 | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ |
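The following script is an added example for this task, not code from the task page or from Rafisa. It takes the VLAN list and the authorisation matrix above, derives each VLAN's subnet and DHCP pool, prints the Cisco IOS lines for the VLANs and the trunk towards pfSense, and generates the pfSense rule list per VLAN interface in the directional, first-match-wins form the matrix describes. It then walks those rules the way pfSense would, so you can check a planned connection against the matrix before you test it on real hosts, and lists the one-way pairs that must be tested in both directions. Assumptions (labelled in the code): a /24 per VLAN, the trunk port name, and pfSense interface names of the form VLAN<id>.

```python
"""Derive addressing, a Cisco VLAN/trunk snippet and pfSense rule intent from
the task's VLAN list and authorisation matrix (added example, not page code).
Assumptions: /24 per VLAN, uplink port name, pfSense interfaces named VLAN<id>."""
import ipaddress
from typing import Dict, List, Optional, Tuple

# VLAN list from the task: (id, name, addressing mode)
VLANS = [
    (1, "VLAN01_MGMT", "dhcp"),
    (10, "VLAN10_SRVAUTH", "static"),
    (21, "VLAN21_CLAUSB", "dhcp"),
    (22, "VLAN22_CLLERN", "dhcp"),
    (23, "VLAN23_CLGUEST", "dhcp"),
    (40, "VLAN40_LP", "static"),
    (50, "VLAN50_LAB00", "dhcp"),
]

# Authorisation matrix: key = VLAN that initiates, value = VLANs it may reach
ALLOWED: Dict[int, set] = {
    1: {1, 10, 21, 22, 23, 40, 50},
    10: {10, 40},
    21: {10, 21, 22, 23, 40, 50},
    22: {10, 22, 40},
    23: {23},
    40: {10, 22, 40},
    50: {50},
}

BASE = "172.25"                 # third octet = VLAN id, from the task's DHCP range
UPLINK = "GigabitEthernet0/1"   # assumed trunk port towards pfSense


def subnet(vlan_id: int) -> ipaddress.IPv4Network:
    """172.25.<id>.0/24 (the /24 is an assumption; the task states no mask)."""
    return ipaddress.ip_network(f"{BASE}.{vlan_id}.0/24")


def dhcp_pool(vlan_id: int) -> Optional[Tuple[str, str]]:
    """.100 to .254 for DHCP VLANs; static VLANs get no pool."""
    mode = next(m for vid, _, m in VLANS if vid == vlan_id)
    if mode != "dhcp":
        return None
    net = subnet(vlan_id)
    return str(net.network_address + 100), str(net.network_address + 254)


def cisco_vlan_config() -> List[str]:
    """IOS lines: define the VLANs, then tag all of them on the trunk to pfSense.
    VLAN 1 exists by default and IOS refuses to rename it, so no 'name' for it."""
    lines: List[str] = []
    for vid, name, _ in VLANS:
        lines.append(f"vlan {vid}")
        if vid != 1:
            lines.append(f" name {name}")
    tagged = ",".join(str(vid) for vid, _, _ in VLANS)
    lines += [f"interface {UPLINK}",
              " switchport trunk encapsulation dot1q",  # needed on the 3560
              " switchport mode trunk",
              f" switchport trunk allowed vlan {tagged}"]
    return lines


def pfsense_rules(src_vlan: int) -> List[dict]:
    """Rules for the pfSense interface of src_vlan, in evaluation order.
    Rules live on the interface where traffic enters, so the matrix row for a
    VLAN becomes the ruleset of that VLAN's interface. Same-VLAN traffic is
    switched and never hits the firewall, so the diagonal needs no rule."""
    src = str(subnet(src_vlan))
    rules = []
    for dst_vlan, _, _ in VLANS:
        if dst_vlan == src_vlan:
            continue
        action = "pass" if dst_vlan in ALLOWED[src_vlan] else "block"
        rules.append({"interface": f"VLAN{src_vlan}", "action": action,
                      "source": src, "destination": str(subnet(dst_vlan))})
    return rules


def decide(src_vlan: int, dst_ip: str) -> str:
    """Walk the generated ruleset as pfSense would for a new connection."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in pfsense_rules(src_vlan):
        if ip in ipaddress.ip_network(rule["destination"]):
            return rule["action"]
    return "block"  # default deny: nothing matched, including Internet targets


def asymmetric_pairs() -> List[Tuple[int, int]]:
    """Pairs allowed in one direction only: test these in both directions."""
    ids = [vid for vid, _, _ in VLANS]
    return [(a, b) for a in ids for b in ids
            if b in ALLOWED[a] and a not in ALLOWED[b]]


if __name__ == "__main__":
    print("\n".join(cisco_vlan_config()))
    for vid, _, _ in VLANS:
        print(vid, subnet(vid), dhcp_pool(vid))
        for rule in pfsense_rules(vid):
            print("  ", rule["action"], rule["source"], "->", rule["destination"])
    print("one-way pairs:", asymmetric_pairs())
```

The ruleset deliberately contains no rule for destinations outside 172.25.0.0/16, so `decide()` blocks Internet targets; if a VLAN is meant to reach the Internet, add a final "pass to any" rule after the explicit block rules, and the block rules above will still stop that rule from leaking into other VLANs.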
4.4 Testing
Download the test protocol
Use the following form to test your solution: the test protocol, available as an ODT template (LibreOffice):
ODT export test protocol
Replace the notes in italics with your own content. What you test, how you test it and how many test cases you need is up to you, but the tests must cover the most important aspects of your solution so that an expert can assess it. At the end of the assignment, upload the test protocol to your Wekan assignment or send it to the vocational trainer who gave you the assignment.
Important notes
☛ Suggestions for testing: ping tests between all hosts and to the Internet (test each pair of VLANs in both directions, since the authorisation matrix is directional); a check that DHCP hosts receive an address from the right pool; a screenshot of the topology; screenshots of the device information (tooltips).