CubelaPetar/notes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

20250404

Browse Source
This commit is contained in:
Petar Cubela
2025-04-04 10:57:26 +02:00
parent e1d3a98fd2
commit 7becbea415
28 changed files with 1760 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

131
projects/boschmann+feth/20250326-Preparation.md Normal file
View File

@@ -0,0 +1,131 @@
## ToDo
- [=] ap integrieren
- [=] ap ip anpassen
- [x] server auf maintenance in ninja einstellen
- [x] mount kid befestingen
- [=] switch ip anpassen
- [x] vlans erstellen
- [=] switch vlans konfigurieren
- [x] dns einstellungen anpassen
- [x] client rechner an switch (welche ports brauchen untagged client net)
- [x] fw regeln fuer vpn
- [x] second admin vpn
- [ ] star money, datev for ssl inspection exclude
- [ ] services.starfinanzen.de
- [ ] frontgate-eu.factsetdigitalsolutions.com
- [ ] starmoney.aboalarm.de
- [ ] web.starmoney.de
- [ ] starfinanz.de
- [ ] starmoney.de
- [ ] naechste Woche mehr kure gruene kabel mitnehmen (.25m)
## Einsatz
- WLAN-Intern: d5C9nhBBDGhd
- fP33-y4be-M8Qk
### Switch Ports
| Port | Device(s) | VLANs | Note |
| ---- | -------------------- | -------------------------------- | --------------- |
| 1 | Firewall | tagged: default, untagged: all | |
| 2 | HP | | ws |
| 4 | Mitel (phone) | untagged: 11, tagged: none | |
| 13 | Mitel (phone) | untagged: 11, tagged: none | |
| 19 | Mitel (phone) | untagged: 11, tagged: none | Printer |
| 25 | ? | | |
| 27 | Mitel (phone) | untagged: 11, tagged: none | WS-Boschmann |
| 28 | Mitel (phone) and HP | untagged: 11, tagged: none | WS |
| 34 | Mitel (phone) and HP | untagged: 11, tagged: none | WS-07 |
| 35 | Mitel (phone) | untagged: 11, tagged: none | |
| 37 | Mitel (phone) | untagged: 11, tagged: none | |
| 38 | HP | | ws |
| 39 | Mitel (phone) and HP | untagged: 11, tagged: none | WS |
| 40 | Mitel (phone) | untagged: 11, tagged: none | |
| 41 | Mitel (phone) and HP | untagged: 11, tagged: none | WS-14 |
| 43 | Sophos AP | untagged: default, tagged: 30,40 | several devices |
| 44 | HP | | ws |
| 46 | Mitel (phone) | untagged: 11, tagged: none | |
| 47 | ? | | |
| 48 | Server in UG | untagged: 11, tagged: none | |
## Basis
### Network
#### Interfaces
- LAN (Port1): Network 192.168.11.254/24
- [x] define V11_LAN_SERVER for this network
- [x] Call physical LAN interface V50_LAN_MGMT
- WAN (Port2 and Port8): Two Configured
- [x] Port2: PPPoE (versatel) 104.151.27.221/32
- [x] Port8: Static 192.168.178.254/24 (Fritzbox. For phone?)
- WiFi (BuF_Gast): Network: 192.168.111.100
#### VLANs
Currently no VLANs (except this weird wifi thing).
VLANs for new Firewall:
- V11_LAN_SERVER
- V20_LAN_CLIENT
- V30_WLAN_INTERNAL
- V40_WLAN_GUEST
- V50_LAN_MGMT
- (V70_LAN_PHONE ??)
#### DHCP
- DHCP only for WLAN_Gast: 192.168.111.101 - 192.168.111.120
- DC is doing DHCP for 192.168.11.0/24 network: 192.168.11.80 - .159
#### Services
- Star Money (banking)
- Teamviewer
- Cosoba
- DATEV
- Zoom
- DropBox
- Google Drive
- OneDrive
- M365
- Sharepoint
#### DNS
- [x] Configure DNS request route to DC for new Firewall
- DC is doing DNS when acting as DHCP Server
### Authentication
#### Server
- Server Type: AD
- Server Name: BUF-SRV-DC-01
- Server IP/Domain: 192.168.11.13
- Connection Sec: SSL/TLS
- Port: 636
- NetBIOS domain: BUF
- ADS user name: sophos_ldap
- Password: IT-Glue
- Emal address attribute: mail
- Domain name: buf.local
- Search Queries: dc=buf,dc=local
### Phone
- not separate configuration needed. Only Set WAN to fritz correctly. Check the connectivity to phones after migration
### VPN