notes/projects/cqse/fw-migration/20250718-main.md
Petar Cubela 584265c22c 20250907
2025-09-07 13:07:01 +02:00

20250721-Meeting

  • 19.08.2025: scheduled date for the firewall migration

General

  • Interfaces need to be defined on each device; interface assignments are not synced between the two HA nodes.

Current Firewall

| Name | Ethernet | VLAN | Network | Gateway | DHCP | Comment |
|---|---|---|---|---|---|---|
| WAN | eth1 | none | 62.245.142.26/29 | 62.245.142.25 | none | Mnet 500 Mbit fiber |
| LAN | eth0 | 1 | 172.22.0.0/22 | 172.22.3.254 | 172.22.0.10 - 172.22.3.199 | |
| GA | eth2 | 400 | 172.22.4.0/24 | 172.22.4.254 | 172.22.4.100 - 172.22.4.199 | Building automation (Gebaeudeautomation) |
| DMZ | eth4 | none | 172.22.5.0/24 | 172.22.5.254 | none | DMZ? |
| Homematic | eth2 | 600 | 172.22.6.0/24 | 172.22.6.254 | 172.22.6.100 - 172.22.6.199 | Home? |
| W-LAN CQSE_VPN | eth2 | 147 | 192.168.147.0/24 | 192.168.147.254 | 192.168.147.100 - 192.168.147.199 | Was |
| HA Sync | eth3 | none | | | none | HA sync interface |

New Firewall

| Name | Ethernet | VLAN | Network | Gateway | DHCP | Comment |
|---|---|---|---|---|---|---|
| WAN | igc1 | none | 62.245.142.26-27/29 | 62.245.142.25 | none | Mnet 500 Mbit fiber |
| LAN | igc0 | 1 | 172.22.0.0/22 | 172.22.3.254 | 172.22.0.10 - 172.22.3.199 | |
| GA | parent: igc2 | 400 | 172.22.4.0/24 | 172.22.4.254 | 172.22.4.100 - 172.22.4.199 | Building automation (Gebaeudeautomation) |
| DMZ | igc3 | none | 172.22.5.0/24 | 172.22.5.254 | none | DMZ? |
| Homematic | parent: igc2 | 600 | 172.22.6.0/24 | 172.22.6.254 | 172.22.6.100 - 172.22.6.199 | Home? |
| W-LAN CQSE_VPN | parent: igc2 | 147 | 192.168.147.0/24 | 192.168.147.254 | 192.168.147.100 - 192.168.147.199 | Was |
| HA Sync | ax0 | none | 10.0.0.0/31 | none | none | HA sync interface |

WAN

  • External WAN: 62.245.142.26/29 (network 62.245.142.24/29)
  • WAN gateway: 62.245.142.25
  • WAN broadcast: 62.245.142.31
  • WAN addresses not used by the current firewall: 62.245.142.27-30. The OPNsense cluster below assigns .27 and .28 to the two nodes, so only .29 and .30 stay free after the migration.

OPNsense Cluster

| Node | MGMT | WAN | WANsbx | pfSync |
|---|---|---|---|---|
| Master | 172.22.3.252/24 | 62.245.142.28/29 | 10.11.12.2/24 | 10.0.0.1/31 |
| Slave | 172.22.3.253/24 | 62.245.142.27/29 | 10.11.12.3/24 | 10.0.0.2/31 |
| Virtual IP | 172.22.3.254/24 (LAN) | 62.245.142.26/29 | 10.11.12.4/24 | none |

Check before entering: the MGMT and LAN addresses are written here with /24, but the LAN network in the tables above is 172.22.0.0/22. Node and virtual IP addresses need the same prefix length as the segment they sit in, otherwise hosts in 172.22.0.0-172.22.2.255 are treated as off-link.

Switches

cqse-sw-1og-1.cqse.lan

  • IP: 172.22.3.200
  • untagged in MGMT VLAN
  • carries 3 VLANs on igc2: GA, Homematic, WLAN-CQSE_VPN
  • Trk1: 49-50 (Sw2Sw Trunk)
  • Port 1: Sophos Node1 eth0
  • Port 2: Sophos Node2 eth0
  • Port 3: Sophos Node1 eth2
  • Port 4: Sophos Node2 eth2

cqse-sw-1og-2.cqse.lan

  • IP: 172.22.3.201
  • untagged in MGMT VLAN
  • carries 3 VLANs on igc2: GA, Homematic, WLAN-CQSE_VPN
  • Trk1: 49-50 (Sw2Sw Trunk)

cqse-sw-3.cqse.lan

  • IP: 172.22.5.200
  • All ports in DMZ