= Lab Setup =

In this hands-on session we will install all dependencies and build the basic network design. We will use Oracle Virtual Box and GNS3 software to virtualize the lab network.

Participants work in groups of two, as '''User A''' and '''User B'''. The group details, including IP subnets, can be found [wiki:Cnbp2019/Agenda/IpAllocation here].

Both users must change the IP address of their host machine (laptop) as per the above-linked table, with the following additional details. We recommend using the wired network as much as possible.

 * Subnet mask: IPv4 - /24, IPv6 - /64
 * Gateway: 192.248.7.254 / 2401:dd00:2000::ffff
 * DNS: 192.248.7.254 / 2401:dd00:2000::ffff

For each group:
 * User A needs to install '''GNS3''' and '''Virtual Box'''
 * User B needs to install '''Virtual Box''' only

We will create the virtual network on User A and the related servers on User B due to RAM limitations on the physical devices.

> Virtualized appliances will be connected via UDP tunnels; these tunnels must be ignored for your actual physical installations.

== Download Dependencies ==

 * Download Oracle Virtual Box from [https://sp-training.ac.lk/VirtualBox-6.0.4-128413-Win.exe here] on both users
 * Download the pfSense VM from [https://docs.learn.ac.lk/index.php/s/iC7mzKBNrjPYXwc ext-Mirror] or [https://sp-training.ac.lk/Firewall-cnbp2019.ova Lab-Mirror] ('''only on User A''')
 * Download GNS3 from [https://sp-training.ac.lk/GNS3-2.1.11-all-in-one-regular.exe here] ('''only on User A''')
 * Download the required router images ('''only on User A''')
   * [https://docs.learn.ac.lk/index.php/s/cMg1FsJkL3VqnCQ ext-Mirror] or [https://sp-training.ac.lk/c3725-adventerprisek9-mz.124-25d.bin Lab-Mirror]
 * Download all server VMs ('''only on User B''')
   * OVA1 [https://docs.learn.ac.lk/index.php/s/aFnsmB6FbXFUMvh ext-Mirror] or [https://sp-training.ac.lk/GUI.ova Lab-Mirror]
   * OVA2 [https://docs.learn.ac.lk/index.php/s/I1lNm3ntyO8bBNx ext-Mirror] or [https://sp-training.ac.lk/VMs.ova Lab-Mirror]

[[span(style=color: #A00000, '''Apply the following settings exactly as given and change only the values marked as dynamic content.''' )]]

=== Install Virtual Box ===

On both users, install the Virtual Box software with default settings. Make sure you have enabled virtualization support in your host machine BIOS.

> If Virtual Box is already installed on your host machine, make sure it is updated to the latest 6.x version.

Import the downloaded OVA files into Oracle Virtual Box from '''File''' > '''Import Appliance'''.

While importing, make sure to select '''Generate new MAC addresses for all Network Adapters''' from '''MAC Address Policy'''.

This should import the pfSense virtual machine on User A, and the two server machines plus the GUI machine on User B.

As soon as you have imported the VMs, change the VM network connections as follows:

 * '''User A : pfSense VM'''
   '''Adapter 1:'''[[br]]
   Attached to: Bridged Adapter[[br]]
   Name: ![[Your Physical Adapter Name]][[br]]
   Promiscuous Mode: Allow All[[br]]
   Cable Connected

   '''Adapter 2:'''[[br]]
   Attached to: Generic Driver[[br]]
   Name: UDPTunnel[[br]]
   Generic Properties:[[br]]
   dest=127.0.0.1[[br]]
   dport=30000[[br]]
   sport=20000[[br]]
   Cable Connected

   '''Adapter 3:'''[[br]]
   Attached to: Generic Driver[[br]]
   Name: UDPTunnel[[br]]
   Generic Properties:[[br]]
   dest=127.0.0.1[[br]]
   dport=30001[[br]]
   sport=20001[[br]]
   Cable Connected

> Note down all MAC addresses, as we need them later to decide which port connects to which network when installing pfSense.

 * '''User B : GUI VM'''
   '''Adapter 1:'''[[br]]
   Attached to: Generic Driver[[br]]
   Name: UDPTunnel[[br]]
   Generic Properties:[[br]]
   dest=//![[IPv4 of UserA]]//[[br]]
   dport=30002[[br]]
   sport=20002[[br]]
   Cable Connected

 * '''User B : Web Server VM'''
   '''Adapter 1:'''[[br]]
   Attached to: Generic Driver[[br]]
   Name: UDPTunnel[[br]]
   Generic Properties:[[br]]
   dest=//![[IPv4 of UserA]]//[[br]]
   dport=30003[[br]]
   sport=20003[[br]]
   Cable Connected

 * '''User B : Monitoring Server VM'''
   '''Adapter 1:'''[[br]]
   Attached to: Generic Driver[[br]]
   Name: UDPTunnel[[br]]
   Generic Properties:[[br]]
   dest=//![[IPv4 of UserA]]//[[br]]
   dport=30004[[br]]
   sport=20004[[br]]
   Cable Connected

=== Install GNS3 ===

'''On __User A__ host machines''', download the latest GNS3 from the local link and go through the installation steps from [https://docs.gns3.com/11YYG4NQlPSl31YwvVvBS9RAsOLSYv0Ocy-uG2K8ytIY/index.html# here].

On first application load, cancel all wizards, including the Open Project wizard.

Go to '''Edit''' --> '''Preferences'''
 * Select '''Server''' in the left side menu and select '''Enable local server''' on the Main Server tab if it is not selected already.
 * Click '''Apply'''
 * Select '''Dynamips''' --> '''IOS routers''' in the left side menu and click '''New'''
 * Select '''New Image''' and browse to the router image file you downloaded.
 * Select '''yes''' in the window '''Would you like to decompress this IOS image'''.
 * On the next step, tick the option called '''This is an !EtherSwitch router''' and click next.
 * Keep all other settings at their default values and click next until the last option, '''Idle-PC'''
 * Click '''Idle PC finder''' and wait for a moment. Once it finds a value, click '''finish'''
 * Click '''Apply''' and '''Ok'''

Next go to '''File''' --> '''New blank project'''
 * Name the project '''Campus Network''' and click '''OK'''

----

In your new project, click the fifth icon in the left corner menu, '''Browse All Devices'''.

Drag and drop the following devices into the design area:
 * 3 x !EtherSwitch Router
 * 7 x Ethernet Switch
 * 5 x Cloud
 * 9 x VPCS

Next, right click on each cloud and define the following in its configuration (Right Click --> Configure):

 * Cloud-1
   * Misc:
     * Name: LEARN-Router
   * Ethernet Interfaces:
     * Select "Ethernet" and click "Delete"
     * Click "Apply" and "OK"
   * Again Right Click --> Change Symbol
     * Select the symbol called "router" from Symbols Library and click "ok"
 * Cloud-2
   * Misc:
     * Name: pfSense-Firewall
   * Ethernet Interfaces:
     * Select "Ethernet" and click "Delete"
   * UDP Tunnels
     * Name: DMZ
     * Local Port: 30000
     * Remote host: 127.0.0.1
     * Remote Port: 20000
     * Click "Add" and create another as,
     * Name: LAN
     * Local Port: 30001
     * Remote host: 127.0.0.1
     * Remote Port: 20001
     * Click "Add", "Apply" and "OK"
   * Again Right Click --> Change Symbol
     * Select the symbol called "firewall" from Symbols Library and click "ok"
 * Cloud-3
   * Misc:
     * Name: GUI-PC
   * Ethernet Interfaces:
     * Select "Ethernet" and click "Delete"
   * UDP Tunnels
     * Name: NIC1
     * Local Port: 30002
     * Remote host: //![[IPv4 of UserB]]//
     * Remote Port: 20002
     * Click "Add", "Apply" and "OK"
   * Again Right Click --> Change Symbol
     * Select the symbol called "Computer" from Symbols Library and click "ok"
 * Cloud-4
   * Misc:
     * Name: Web-Server
   * Ethernet Interfaces:
     * Select "Ethernet" and click "Delete"
   * UDP Tunnels
     * Name: NIC1
     * Local Port: 30003
     * Remote host: //![[IPv4 of UserB]]//
     * Remote Port: 20003
     * Click "Add", "Apply" and "OK"
   * Again Right Click --> Change Symbol
     * Select the symbol called "Server" from Symbols Library and click "ok"
 * Cloud-5
   * Misc:
     * Name: Monitoring-Server
   * Ethernet Interfaces:
     * Select "Ethernet" and click "Delete"
   * UDP Tunnels
     * Name: NIC1
     * Local Port: 30004
     * Remote host: //![[IPv4 of UserB]]//
     * Remote Port: 20004
     * Click "Add", "Apply" and "OK"
   * Again Right Click --> Change Symbol
     * Select the symbol called "Server" from Symbols Library and click "ok"

Right click on the other devices and use "Change Hostname" to rename them as follows:
 * ESW1 :- FAC1
 * ESW2 :- FAC2
 * ESW3 :- FAC1-BLD1-FL2
 * Ethernet switch-1 :- FAC1-BLD1-FL1A
 * Ethernet switch-2 :- FAC1-BLD1-FL1B
 * Ethernet switch-3 :- FAC1-BLD2-FL0
 * Ethernet switch-4 :- FAC2-BLD1-FR1
 * Ethernet switch-5 :- FAC2-BLD2-FR1
 * Ethernet switch-6 :- FAC2-BLD2-FR3
 * Ethernet switch-7 :- DMZ

Then change the symbol of **FAC1-BLD1-FL2** to an Ethernet Switch:
 * Right Click --> Change Symbol
 * Select the symbol called "ethernet_switch" from Symbols Library and click "ok"

Then connect your devices as per the given network diagram. Make sure you connect the ports exactly as shown in the diagram.

[[Image(wiki:Cnbp2019/Agenda/LabSetup:CampusNetwork.png,85%,border=1, center)]]

> Please note that the link between the pfSense and LEARN Router nodes is for illustration purposes only. You are not allowed to connect them with a link, as both of them are cloud devices. As we are directly using a bridged interface for the pfSense WAN, you may use a "Drawn line" to complete the diagram.
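
Each UDP tunnel above is configured twice, once in the Virtual Box adapter properties and once in the GNS3 cloud, and a mistyped port or a leftover 127.0.0.1 simply leaves the link dead without any error. The following check is an added example, not part of the original lab material; it pairs the two sides of the five tunnels on this page, and the `USER_A` and `USER_B` addresses are constructed placeholders for the values in your IP allocation table.

```python
from collections import namedtuple

# Constructed placeholder addresses; substitute the ones from your IP allocation table.
USER_A, USER_B = "192.0.2.10", "192.0.2.20"

# One side of a tunnel: the host it runs on, the UDP port it binds, and where it sends.
End = namedtuple("End", "name host local_port remote_host remote_port")

def vbox(name, host, dest, dport, sport):
    """Virtual Box Generic Driver properties: binds sport, sends to dest:dport."""
    return End(name, host, sport, dest, dport)

def gns3(name, local_port, remote_host, remote_port):
    """GNS3 cloud UDP tunnel; GNS3 runs on User A in this lab."""
    return End(name, USER_A, local_port, remote_host, remote_port)

def reaches(sender, receiver):
    """True if the sender's remote host and port land on the receiver's bound port."""
    hosts = {receiver.host}
    if sender.host == receiver.host:
        hosts.add("127.0.0.1")  # loopback only works when both ends share a machine
    return sender.remote_host in hosts and sender.remote_port == receiver.local_port

def check(pairs):
    """Return a list of problems for (vbox_end, gns3_end) pairs; empty means consistent."""
    problems = []
    for v, g in pairs:
        for src, dst in ((v, g), (g, v)):
            if not reaches(src, dst):
                problems.append(f"{src.name} sends to {src.remote_host}:{src.remote_port} "
                                f"but {dst.name} listens on {dst.host}:{dst.local_port}")
    bound = [(e.host, e.local_port) for pair in pairs for e in pair]
    problems += [f"port {p} bound twice on {h}"
                 for h, p in sorted(set(bound)) if bound.count((h, p)) > 1]
    return problems

# The five tunnels from this page: (Virtual Box adapter, GNS3 cloud tunnel).
LAB = [
    (vbox("pfSense Adapter 2", USER_A, "127.0.0.1", 30000, 20000), gns3("DMZ", 30000, "127.0.0.1", 20000)),
    (vbox("pfSense Adapter 3", USER_A, "127.0.0.1", 30001, 20001), gns3("LAN", 30001, "127.0.0.1", 20001)),
    (vbox("GUI VM", USER_B, USER_A, 30002, 20002), gns3("GUI-PC", 30002, USER_B, 20002)),
    (vbox("Web Server VM", USER_B, USER_A, 30003, 20003), gns3("Web-Server", 30003, USER_B, 20003)),
    (vbox("Monitoring Server VM", USER_B, USER_A, 30004, 20004), gns3("Monitoring-Server", 30004, USER_B, 20004)),
]

if __name__ == "__main__":
    for line in check(LAB) or ["all five tunnels pair up"]:
        print(line)
```

Edit `LAB` to match what you actually typed into both tools; every line it prints names the side that sends to a port nobody is listening on.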