## 20250721-Meeting - 19.08.2025 scheduled date for the firewall migration

## General

- Interfaces need to be defined on each device; they are not synced.

## Current Firewall

| Name           | Ethernet | VLAN | Network          | Gateway         | DHCP                              | Comment             |
| -------------- | -------- | ---- | ---------------- | --------------- | --------------------------------- | ------------------- |
| WAN            | eth1     | none | 62.245.142.26/29 | 62.245.142.25   | none                              | Mnet 500 Mbit Fiber |
| LAN            | eth0     | 1    | 172.22.0.0/22    | 172.22.3.254    | 172.22.0.10 - 172.22.3.199        |                     |
| GA             | eth2     | 400  | 172.22.4.0/24    | 172.22.4.254    | 172.22.4.100 - 172.22.4.199       | Building automation |
| DMZ            | eth4     | none | 172.22.5.0/24    | 172.22.5.254    |                                   | DMZ?                |
| Homematic      | eth2     | 600  | 172.22.6.0/24    | 172.22.6.254    | 172.22.6.100 - 172.22.6.199       | Home?               |
| W-LAN CQSE_VPN | eth2     | 147  | 192.168.147.0/24 | 192.168.147.254 | 192.168.147.100 - 192.168.147.199 | What                |
|                | eth3     |      |                  |                 |                                   | HA Sync if          |

## New Firewall

| Name           | Ethernet     | VLAN | Network             | Gateway         | DHCP                              | Comment             |
| -------------- | ------------ | ---- | ------------------- | --------------- | --------------------------------- | ------------------- |
| WAN            | igc1         | none | 62.245.142.26-27/29 | 62.245.142.25   | none                              | Mnet 500 Mbit Fiber |
| LAN            | igc0         | 1    | 172.22.0.0/22       | 172.22.3.254    | 172.22.0.10 - 172.22.3.199        |                     |
| GA             | parent: igc2 | 400  | 172.22.4.0/24       | 172.22.4.254    | 172.22.4.100 - 172.22.4.199       | Building automation |
| DMZ            | igc3         | none | 172.22.5.0/24       | 172.22.5.254    |                                   | DMZ?                |
| Homematic      | parent: igc2 | 600  | 172.22.6.0/24       | 172.22.6.254    | 172.22.6.100 - 172.22.6.199       | Home?               |
| W-LAN CQSE_VPN | parent: igc2 | 147  | 192.168.147.0/24    | 192.168.147.254 | 192.168.147.100 - 192.168.147.199 | What                |
|                | ax0          |      | 10.0.0.0/31         | /               | /                                 | HA Sync if          |

## WAN

- External WAN: 62.245.142.26/29
- WAN gateway: 62.245.142.25
- WAN broadcast: 62.245.142.31
- WAN not-used addresses: 62.245.142.27-30

## OPNsense Cluster

### Master

- MGMT: 172.22.3.252/24
- WAN: 62.245.142.28/29
- WANsbx: 10.11.12.2/24
- pfSync: 10.0.0.1/31

### Slave

- MGMT: 172.22.3.253/24
- WAN: 62.245.142.27/29
- WANsbx: 10.11.12.3/24
- pfSync: 10.0.0.2/31

### Virtual IP

- WANsbx IP: 10.11.12.4/24
- WAN IP: 62.245.142.26/29
- LAN IP address: 172.22.3.254/24

## Switches

### cqse-sw-1og-1.cqse.lan

- IP: 172.22.3.200
- untagged in MGMT VLAN
- carries 3 VLANs on igc2: GA, Homematic, WLAN-CQSE_VPN
- Trk1: 49-50 (Sw2Sw Trunk)
- Port 1: Sophos Node1 eth0
- Port 2: Sophos Node2 eth0
- Port 3: Sophos Node1 eth2
- Port 4: Sophos Node2 eth2

### cqse-sw-1og-2.cqse.lan

- IP: 172.22.3.201
- untagged in MGMT VLAN
- carries 3 VLANs on igc2: GA, Homematic, WLAN-CQSE_VPN
- Trk1: 49-50 (Sw2Sw Trunk)

### cqse-sw-3.cqse.lan

- IP: 172.22.5.200
- All ports in DMZ
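A consistency check over the addressing plan above, added here as an example (not part of the meeting notes): it copies the segments from the New Firewall table and the node addresses from the OPNsense Cluster section and reports gateways or DHCP pools outside their segment, overlapping segments, and cluster interfaces whose master, slave and VIP addresses do not share one subnet. Run as written it reports one finding: the pfSync addresses 10.0.0.1/31 and 10.0.0.2/31 lie in two different /31 networks, so the nodes would not be on the same sync link.

```python
from ipaddress import ip_address, ip_interface, ip_network
from itertools import combinations
# Segments from the "New Firewall" table as (network, gateway, DHCP pool); WAN 62.245.142.26/29 = block .24/29.
SEGMENTS = {
    "WAN":       ("62.245.142.24/29", "62.245.142.25", None),
    "LAN":       ("172.22.0.0/22", "172.22.3.254", ("172.22.0.10", "172.22.3.199")),
    "GA":        ("172.22.4.0/24", "172.22.4.254", ("172.22.4.100", "172.22.4.199")),
    "DMZ":       ("172.22.5.0/24", "172.22.5.254", None),
    "Homematic": ("172.22.6.0/24", "172.22.6.254", ("172.22.6.100", "172.22.6.199")),
    "WLAN":      ("192.168.147.0/24", "192.168.147.254", ("192.168.147.100", "192.168.147.199")),
    "pfSync":    ("10.0.0.0/31", None, None),
}
# Node addresses from the "OPNsense Cluster" section: interface -> (master, slave, virtual IP).
CLUSTER = {
    "MGMT":   ("172.22.3.252/24", "172.22.3.253/24", "172.22.3.254/24"),
    "WAN":    ("62.245.142.28/29", "62.245.142.27/29", "62.245.142.26/29"),
    "WANsbx": ("10.11.12.2/24", "10.11.12.3/24", "10.11.12.4/24"),
    "pfSync": ("10.0.0.1/31", "10.0.0.2/31", None),
}
def check_segments():
    """Gateway and DHCP pool must lie inside the segment; the pool must not contain the gateway."""
    findings = []
    for name, (net, gw, dhcp) in SEGMENTS.items():
        network = ip_network(net)
        if gw and ip_address(gw) not in network:
            findings.append(f"{name}: gateway {gw} outside {net}")
        if dhcp:
            lo, hi = (ip_address(a) for a in dhcp)
            if lo > hi or lo not in network or hi not in network:
                findings.append(f"{name}: DHCP pool {dhcp} not inside {net}")
            elif gw and lo <= ip_address(gw) <= hi:
                findings.append(f"{name}: gateway {gw} lies inside the DHCP pool")
    return findings

def check_overlaps():  # segments must not overlap, or routing between them becomes ambiguous
    nets = {n: ip_network(v[0]) for n, v in SEGMENTS.items()}
    return [f"{a} overlaps {b}" for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]

def check_cluster():
    """Master, slave and VIP of one interface must share one subnet and be usable host addresses."""
    findings = []
    for name, addrs in CLUSTER.items():
        ifaces = [ip_interface(a) for a in addrs if a]
        subnets = sorted({str(i.network) for i in ifaces})
        if len(subnets) > 1:  # 10.0.0.1/31 and 10.0.0.2/31, for instance, are two different /31 networks
            findings.append(f"{name}: addresses span several subnets {subnets}")
        for i in ifaces:  # a /31 uses both of its addresses, so the network/broadcast test does not apply
            if i.network.prefixlen < 31 and i.ip in (i.network.network_address, i.network.broadcast_address):
                findings.append(f"{name}: {i.ip} is the network or broadcast address")
    return findings
```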