first commit

projects/firewall-migrations/hannesRoessler/Prep-previous-SG-FW.md

@@ -0,0 +1,41 @@
+
+## Time and Space
+
+- Bauerstr. 20 
+- 19.11.2024:09:00 
+
+## FW rules
+
+- no special FW rules configured
+
+### Ports to remember
+
+- 5222 (xmpp or similar)
+- 7000 
+
+## SSL/TLS inspection 
+
+- deactivated in current setup
+- when activating on new firewall we will have many problems afterwards
+- inform yourself about currently used systems and possible systems
+
+## WAN 
+
+- IPv4 gateway: M-net-vdsl, 82.135.16.28, Port2 - 93.104.238.207/255.255.255.255 
+
+### PPPoe
+
+- Username: X910931381@mdsl.mnet-online.de
+- Password: BZCYWHdA
+
+## Wireless
+
+- AP mac-address: 7c:5a:1c:e4:1b:76
+- AP switch port: 40 (shared with others)
+- HT-Intern. Pass: NjRkZjFmNTIzMzk5Yzcz
+
+## Switch
+
+- Model: HPE HP 2530-48G Switch
+![Switch Mac Addresses](files/hannes_roessler/20241118_switch-mac-addresses.png)
+

projects/firewall-migrations/hans-ostner.md

@@ -0,0 +1,3 @@
+## Notes
+
+- Aruba 254024G password reset of password manager

projects/firewall-migrations/hightec/firewall-migration.md

@@ -0,0 +1,56 @@
+## Autotask
+
+- Go to projects and find the customer
+	- write my times needed for each step into data sheet
+	
+## Space and Time
+
+- Space: **Goethestr. 52, 80336 Muenchen**
+- Time: **Monday 28.10 - Wednesday 30.10**
+
+## To consider
+
+- From SG to XGS
+	- recreate config (SG and XGS firmware differ)
+	- test template
+	- enforce sbx vlan standard
+- APs from Sophos available
+	- need to be added to Sophos Central
+	- currently in the SG confiured
+- 25 VPN user + ITM own config
+	- need to download new config via vpn-portal
+	- write manual for the customer
+- up to 1h down possible
+
+## Notes/Todos
+
+- domain: hightec.local
+- switches anpassen. vlans schon angelegt
+- who is renate goepfert and whats her mail? (because of vpn.) Is she related to ITM?
+
+- ssl inspection cert distribution over ad - DONE
+- reset ap on button and include it to sophos central (serial killer: P320056JRR3XVFB)
+
+## passwords
+
+- wlan: hts!356383 
+- **internet zugang (pppoe): User: X910449160@mdsl.mnet-online.de , Pass: PfpAHNsZ**
+- ad bind: user: ldap_sophos, pass: K5(|~H)hD/V[Sg(
+
+## Vor-Ort Notes
+
+- Stromkabel zur USV vergessen
+- manager, pass: QFxyFNgKIS
+- xgs, pass: gQf=9_7;_+c9^r.>}xZ2R^U]gX>z?B
+- printer mac: 00:20:6B:40:E7:C7
+
+### Ports Switch
+
+- 48: Trunk (tagged)
+- V10_Server: 11,13,1 (USV)
+- MGMT: 12,14 
+- V70_Phone: 2,8,35
+- V20_Client: 5-7,9-10, 15-17, 25,28.30,31,33,34,37-39,42,44,46
+- V40_WLAN-Intern,V50_WLAN-Gast: 47(tagged)
+- me: 21
+- Unidentified: 27,29

projects/firewall-migrations/hightec/vpn-portal-manual.md

@@ -0,0 +1,16 @@
+## Einleitung
+
+Dieses Dokument erklaert Ihnen wie Sie Ihren vpn wieder einrichten koennen.
+
+## Rezept
+
+1. Besuchen Sie bitte das VPN-Portal Ihrer Firewall: <https://gw.hannes-roessler.de>
+   ![VPN-Portal-login](files/sophos/vpn-portal-manual_01.png)
+2. Melden Sie sich mit Ihren bekannten VPN Zugangsdaten an. Bei erfolgreicher Anmeldung erscheint das folgende Fenster:
+   ![VPN-Portal-loggedin](files/sophos/vpn-portal-manual_02.png)
+3. Sofern Sie VPN zuvor auf Ihrem Rechner genutzt haben, sollte der "Sophos Connect Client" bereits auf Ihrem Rechner installiert sein. Wenn nicht, klicken Sie bitte auf einen der beiden Links oben, um den "Sophos Connect Client" auf Ihrem Windows oder MacOS zu installieren. (Intern fuer mich. Alter Sophos Client macht Probleme)
+4. Nachdem Sie den "Sophos Connect Client" erfolgreich auf Ihrem Geraet installiert haben, muessen Sie Ihre VPN Konfigurationsdatei runterladen:
+   ![VPN-Portal-config](files/sophos/vpn-portal-manual_03.png)
+5. Die heruntergeladene Datei ist eine sogennante .ovpn Datei und muss in Ihren Sophos Connect Client importiert werden. ("import connection" rechts unten im gezeigten Bild)
+   ![VPN-Portal-import](files/sophos/vpn-portal-manual_04.png)
+   ![VPN-Portal-ovpn](files/sophos/vpn-portal-manual_05.png)

projects/firewall-migrations/sophos-central-template/old/Notes.md

@@ -0,0 +1,15 @@
+Capture here all settings which I done in the template
+
+**Serial Number:  C1A1046KXFXKT60**
+
+## Administration
+
+### Device Access
+
+Local service ACL: Close all on WAN Interface except "SSL VPN"
+Local service ACL exception rule: Add "sbx_office". Source Network Host: 213.160.17.158; Services: https, ssh; Action: Allow
+
+### Admin and user settings
+
+### Time
+Custom ntp server: <de.pool.ntp.org> 

projects/firewall-migrations/sophos-central-template/old/template-std-structure.md

@@ -0,0 +1,23 @@
+
+## Templates
+
+### MAIN TEMPLATE
+
+**This template is ALWAYS linked to all customer firewalls and corresponding changes should be done in the template**
+_Such a template enforces implicitly a standard configuration which is the same for every fw. _
+
+- Include configs which hold for ALL customers 
+- These include the following settings:
+	- Hosts and Services
+	- Administration
+	- Web
+
+### New Installations TEMPLATE
+
+- **This template is only used once when configuring a firewall initially**
+- could differ for different customers
+
+### Special TEMPLATES
+
+1. VLANs related settings
+2. intrinsic commercial sophos security features

projects/firewall-migrations/sophos-central-template/std-fw-networks.md

@@ -0,0 +1,14 @@
+
+## Private
+
+- 192.168.xx.0/24
+
+## VPN
+
+- 10.81.0.0/24
+
+### Rule
+
+
+
+

projects/firewall-migrations/sophos-central-template/std-fw-services.md

@@ -0,0 +1,13 @@
+
+## ActiveDirectory
+
+- LDAP: 389 (TCP & UDP)
+- LDAPS: 636 (TCP)
+- Global Catalog: 3268, 3269 (TCP)
+- Kerberos: 88 (TCP & UDP)
+- Kerberos-Kennwortänderung: 464 (TCP & UPD)
+- DNS: 53 (TCP & UDP)
+- RPC: 135 (TCP) + Dynamische Ports (49152–65535 (TCP))
+- SMB: 445 (TCP)
+- NTP: 123 (TCP & UDP)
+- RAW: 9100 (TCP)

projects/firewall-migrations/sophos-central-template/std-sbx-mac.md

@@ -0,0 +1,8 @@
+## TODO
+
+- Alle Mitarbeiter muessen ihre MAC Addresse im Sophos Template hinterlegen.
+
+## Mac Addresses
+
+- Sebastian: WLAN: 50-76-AF-35-0D-6D, LAN: E8-6A-64-73-94-35
+- Petar: WLAN: 04-7B-CB-CA-CA-1A, LAN: FC-5C-EE-22-5E-B2