new notes

2025-03-18 14:23:17 +01:00
parent e6c2775f5f
commit 6c47451c60
58 changed files with 1648 additions and 110 deletions
--- a/projects/kwa/20250318-mailstore-lizenz.md
+++ b/projects/kwa/20250318-mailstore-lizenz.md
@@ -0,0 +1,12 @@
+## Lizenzfile
+
+License-ID: 47ac3c43-b120-4577-ad8f-57abd4d7a5e9
+License-Type: MSV3
+Customer-Name: Knopp Wassmer Architekten PartG mbB
+Product-Name: MailStore Server
+Product-Version: 25.1.0.22653
+Product-Key: HRETS-CBTGE-HPNGP-GNKLL-MREBM
+Max-Named-Users: 20
+Machine-Name: SRVW-KWA-MAILST
+Support-Expiry-Date: 2025-05-03
+Support-Level: Standard Service
--- a/projects/kwa/firewall_migration/20250317_first-meeting.md
+++ b/projects/kwa/firewall_migration/20250317_first-meeting.md
@@ -0,0 +1,52 @@
+
+## Base Info 
+
+- Time: 18.03.2025 09:00 Uhr
+- Location: Teams
+- Participants: Nina Schiffel, ~Markus Wassmer~, Sebastian Peter, Oliver Kaspar, Petar Cubela
+
+## Todo
+
+- [x] Kalkulation fuer OPNsense
+- [x] Kalkulation fuer Sophos
+- [x] Kosten einer Sophos?
+
+## Topics
+
+- Sophos or OPNsense - HW, SW 
+- Zeitrahmen: vor dem 03.05
+- Arbeitszeit besprechen
+- Rekonstruktion der Kerio Firewall
+
+## Sophos
+
+- Trusted industry standard firewall which delivers default features needed in the industry. 
+- Support for several years vie expensive license and expensive hardware which becomes useless after license expiration
+
+## OPNsense
+
+- Open Source product. No cost for the OS
+- Can be installed on any hardware (as long as it has two network interfaces)
+- Yearly (or 3 years) license (~150/500 euro) which enables management features and commercial firmware repository
+
+## Preis
+
+| Topic                 | Preis - OPNsense                                                     | Preis - Sophos                                               |
+| --------------------- | -------------------------------------------------------------------- | ------------------------------------------------------------ |
+| HW                    | Vorhandene Hardware oder neue Hardware (Kosten: 500 - 1000 Euro)     | ein Preis fuer HW + OS + Lizenz                              |
+| OS                    | Keine Kosten                                                         | n/a                                                          |
+| Lizenz                | Business License: 130 Euro/Yearly + Support License: 300 Euro/yearly | 7600 Euro (Lizenz gueltig fuer 3 Jahre)                      |
+| Arbeitsstunden        | ~40h, ~4000 Euro                                                     | ~30h, ~3000 Euro                                             |
+| Wartungspauschale     | TBA - Bespreche mit Thilo und Oli                                    | ??                                                           | 
+| Summary \[euro/year\] | 4000 (5000) Euro Einbau + 500 Euro/yearly Lizenz                     | 3000 Euro Einbau + 7600 Euro auf 3 Jahre (~2500 Euro/yearly) |
+
+
+## Meeting 20250317
+
+- diskutiere laufdauer bestehender hardware
+- ueberlegen neuer hw bestellung thomas-krenn
+- vergleiche preise: stunden + lizenz kosten + hw kosten
+- deadline 03.05
+- opnsense vs sophos - security features
+- wartungspauschale?
+- herrman fragen wegen opnsense lizenz
--- a/projects/kwa/firewall_migration/20250318-OPNsense_Migration.md
+++ b/projects/kwa/firewall_migration/20250318-OPNsense_Migration.md
@@ -0,0 +1,34 @@
+
+## Base Info
+
+- Deadline: 03.05
+- Anzahl User: 15
+
+## Angebot Liste
+
+ - Arbeitstunden ausrechnen
+ - Angebot fuer Lizenzen raussuchen ([Business License](https://shop.opnsense.com/product/opnsense-business-edition/), [Business Support Subscription](https://shop.opnsense.com/product/opnsense-business-support-subscription/))
+ - Keine Hardware noetig
+
+## Bestehende Hardware
+
+- System: Linux, Memory: 7888 MB, 8 processors
+- No PPPoe (done by Fritz)
+
+## Funktionen
+
+- Basis Setup (routing, Generische Einstellung, Firewall Regeln, Authentizierung via AD,..)
+- VLANs als Grundlage (MGMT, SRV, CLIENT, WLAN, WLAN-Guest)
+- VPN (OpenVPN)
+- Free SSL certs (via ACME)
+- Web Proxy (Caching Proxy, Web Filter, Transparent Proxy, SSL Inspection, https de-/encryption) (!NOTE! OPNsense CA needs to be trusted by every client. Distribute via Filewave)
+- OPNsense Antivirus Loesung (Clamav + C-Icap)
+- IDS/IPS
+- WAF
+- OPNcentral
+
+## Zertifikate
+
+- SSL for https (Let's Encrypt oder gekaufte Wildcard)
+- Self Signed for Web Proxy (SSL Inspection)
+- Self Signed for OpenVPN
--- a/projects/kwa/mail_migration/20241211-Max-Meeting-Kerio2M365.md
+++ b/projects/kwa/mail_migration/20241211-Max-Meeting-Kerio2M365.md
@@ -0,0 +1,11 @@
+
+## Notes
+
+- max tested already the migration with a test mailbox
+- test next the migration of some (public) project folders
+
+
+## teams phone
+
+- do it after the mail migration
+- upgrade and not a downgrade