132 lines
3.9 KiB
Markdown

## ToDo

- [=] integrate AP
- [=] adjust AP IP
- [x] set server to maintenance in Ninja
- [x] attach mount kit
- [=] adjust switch IP
- [x] create VLANs
- [=] configure switch VLANs
- [x] adjust DNS settings
- [x] client PCs to switch (which ports need the untagged client net)
- [x] firewall rules for VPN
- [x] second admin VPN
- [ ] exclude Star Money and DATEV from SSL inspection
  - [ ] services.starfinanzen.de
  - [ ] frontgate-eu.factsetdigitalsolutions.com
  - [ ] starmoney.aboalarm.de
  - [ ] web.starmoney.de
  - [ ] starfinanz.de
  - [ ] starmoney.de
- [ ] next week bring more short green cables (0.25 m)

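An SSL-inspection exclusion list is only as safe as the rule that applies it. The block below is an added example (not part of these notes) that takes the exclusion hostnames listed above and decides per hostname whether it would bypass inspection. The matching rule, exact host or a subdomain of an entry and never a plain substring, is an assumption about how such a list should be applied; the sample hostnames, including the look-alike `evilstarmoney.de`, are constructed.

```python
"""Decide whether a hostname falls under the TLS-inspection exclusion list.

Added example, not part of the original notes. EXCLUDED_DOMAINS is the list
from the ToDo above; the matching rule (exact host or a subdomain of an entry,
never a plain substring) and the sample hostnames are assumptions/constructed.
"""

EXCLUDED_DOMAINS = (
    "services.starfinanzen.de",
    "frontgate-eu.factsetdigitalsolutions.com",
    "starmoney.aboalarm.de",
    "web.starmoney.de",
    "starfinanz.de",
    "starmoney.de",
)


def normalize_host(host: str) -> str:
    """Lower-case, strip whitespace, a trailing dot and an optional ':port' suffix."""
    host = host.strip().lower().rstrip(".")
    if host.count(":") == 1:  # "host:443"; IPv6 literals are out of scope for this example
        host = host.split(":", 1)[0]
    return host


def is_excluded(host: str, exclusions=EXCLUDED_DOMAINS) -> bool:
    """True if host equals an exclusion entry or is a subdomain of one.

    Uses endswith("." + entry) rather than a bare substring test, so that a
    look-alike such as evilstarmoney.de (constructed) is still inspected.
    """
    host = normalize_host(host)
    for entry in exclusions:
        entry = normalize_host(entry)
        if host == entry or host.endswith("." + entry):
            return True
    return False


def classify(hosts) -> dict:
    """Map each hostname to 'bypass' (excluded from inspection) or 'inspect'."""
    return {h: ("bypass" if is_excluded(h) else "inspect") for h in hosts}


if __name__ == "__main__":
    # Constructed sample of SNI values as a firewall might see them.
    sample = ["web.starmoney.de", "Update.StarMoney.de.", "evilstarmoney.de",
              "starmoney.de.example.net", "www.datev.de", "services.starfinanzen.de:443"]
    for host, verdict in classify(sample).items():
        print(f"{verdict:8s} {host}")
```

Note that no DATEV hostnames are on the list yet, so DATEV traffic is still classified as `inspect`, which matches the open ToDo item above.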
## Deployment

- WLAN-Intern: d5C9nhBBDGhd
- fP33-y4be-M8Qk

### Switch Ports

| Port | Device(s)            | VLANs                            | Note            |
| ---- | -------------------- | -------------------------------- | --------------- |
| 1    | Firewall             | tagged: default, untagged: all   |                 |
| 2    | HP                   |                                  | WS              |
| 4    | Mitel (phone)        | untagged: 11, tagged: none       |                 |
| 13   | Mitel (phone)        | untagged: 11, tagged: none       |                 |
| 19   | Mitel (phone)        | untagged: 11, tagged: none       | Printer         |
| 25   | ?                    |                                  |                 |
| 27   | Mitel (phone)        | untagged: 11, tagged: none       | WS-Boschmann    |
| 28   | Mitel (phone) and HP | untagged: 11, tagged: none       | WS              |
| 34   | Mitel (phone) and HP | untagged: 11, tagged: none       | WS-07           |
| 35   | Mitel (phone)        | untagged: 11, tagged: none       |                 |
| 37   | Mitel (phone)        | untagged: 11, tagged: none       |                 |
| 38   | HP                   |                                  | WS              |
| 39   | Mitel (phone) and HP | untagged: 11, tagged: none       | WS              |
| 40   | Mitel (phone)        | untagged: 11, tagged: none       |                 |
| 41   | Mitel (phone) and HP | untagged: 11, tagged: none       | WS-14           |
| 43   | Sophos AP            | untagged: default, tagged: 30,40 | several devices |
| 44   | HP                   |                                  | WS              |
| 46   | Mitel (phone)        | untagged: 11, tagged: none       |                 |
| 47   | ?                    |                                  |                 |
| 48   | Server in UG         | untagged: 11, tagged: none       |                 |

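Before the VLAN cut-over it is worth checking the port plan for gaps rather than finding them on site. The following is an added example (not part of these notes) that parses the port table above, copied verbatim into the script, and reports ports with an unknown device, ports with a device but no recorded VLAN assignment, and the port listed as `untagged: all`, since a switch port has a single untagged (PVID) VLAN and the rest must be tagged. The audit rules are assumptions about what is worth flagging; the table itself is the page's own.

```python
"""Audit the switch port plan for gaps before the VLAN cut-over.

Added example, not part of the original notes. SWITCH_PORTS_MD is the
Markdown table from these notes copied verbatim; the audit rules are
assumptions about what is worth flagging.
"""
import re

SWITCH_PORTS_MD = """
| Port | Device(s) | VLANs | Note |
| ---- | -------------------- | -------------------------------- | --------------- |
| 1 | Firewall | tagged: default, untagged: all | |
| 2 | HP | | ws |
| 4 | Mitel (phone) | untagged: 11, tagged: none | |
| 13 | Mitel (phone) | untagged: 11, tagged: none | |
| 19 | Mitel (phone) | untagged: 11, tagged: none | Printer |
| 25 | ? | | |
| 27 | Mitel (phone) | untagged: 11, tagged: none | WS-Boschmann |
| 28 | Mitel (phone) and HP | untagged: 11, tagged: none | WS |
| 34 | Mitel (phone) and HP | untagged: 11, tagged: none | WS-07 |
| 35 | Mitel (phone) | untagged: 11, tagged: none | |
| 37 | Mitel (phone) | untagged: 11, tagged: none | |
| 38 | HP | | ws |
| 39 | Mitel (phone) and HP | untagged: 11, tagged: none | WS |
| 40 | Mitel (phone) | untagged: 11, tagged: none | |
| 41 | Mitel (phone) and HP | untagged: 11, tagged: none | WS-14 |
| 43 | Sophos AP | untagged: default, tagged: 30,40 | several devices |
| 44 | HP | | ws |
| 46 | Mitel (phone) | untagged: 11, tagged: none | |
| 47 | ? | | |
| 48 | Server in UG | untagged: 11, tagged: none | |
"""

# Matches "untagged: 11, tagged: none" as well as "untagged: default, tagged: 30,40",
# where the value itself may contain commas.
VLAN_RE = re.compile(r"(untagged|tagged):\s*(.*?)(?=,\s*(?:untagged|tagged):|$)")


def parse_vlans(cell: str) -> dict:
    """Return {'untagged': [...], 'tagged': [...]}; 'none' and blank cells give []."""
    result = {"untagged": [], "tagged": []}
    for mode, value in VLAN_RE.findall(cell):
        value = value.strip()
        if value and value.lower() != "none":
            result[mode] = [v.strip() for v in value.split(",") if v.strip()]
    return result


def parse_table(md: str) -> list:
    """Parse the Markdown table into one dict per port row (header/separator skipped)."""
    rows = []
    for line in md.strip().splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if cells[0] == "Port" or set(cells[0]) <= {"-"}:
            continue
        port, devices, vlans, note = cells[:4]
        rows.append({"port": int(port), "devices": devices,
                     "vlans": parse_vlans(vlans), "note": note})
    return rows


def audit(rows: list) -> list:
    """Return (port, finding) tuples for rows that need attention before migration."""
    findings = []
    for r in rows:
        port, vl = r["port"], r["vlans"]
        if r["devices"] == "?":
            findings.append((port, "unknown device: identify it or leave the port disabled"))
            continue
        if not vl["untagged"] and not vl["tagged"]:
            findings.append((port, "device present but no VLAN assignment recorded"))
        if "all" in vl["untagged"]:
            findings.append((port, "'untagged: all': a port has one untagged (PVID) VLAN, "
                                   "the rest must be tagged; confirm the intended trunk config"))
    return findings


def vlan_inventory(rows: list) -> dict:
    """Map each VLAN name/ID to the set of ports that carry it (tagged or untagged)."""
    inventory = {}
    for r in rows:
        for mode in ("untagged", "tagged"):
            for vlan in r["vlans"][mode]:
                inventory.setdefault(vlan, set()).add(r["port"])
    return inventory


if __name__ == "__main__":
    rows = parse_table(SWITCH_PORTS_MD)
    for port, finding in audit(rows):
        print(f"port {port:2d}: {finding}")
    for vlan, ports in sorted(vlan_inventory(rows).items()):
        print(f"VLAN {vlan}: ports {sorted(ports)}")
```

Run against the table as written, the audit lists ports 1, 2, 25, 38, 44 and 47, and the inventory shows that VLANs 30 and 40 are only carried on port 43 (the AP), which is the first thing to re-check once the switch VLANs from the ToDo are configured.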
## Baseline

### Network

#### Interfaces

- LAN (Port1): Network 192.168.11.254/24
  - [x] define V11_LAN_SERVER for this network
  - [x] call the physical LAN interface V50_LAN_MGMT
- WAN (Port2 and Port8): two configured
  - [x] Port2: PPPoE (Versatel) 104.151.27.221/32
  - [x] Port8: Static 192.168.178.254/24 (Fritzbox. For phone?)
- WiFi (BuF_Gast): Network: 192.168.111.100

#### VLANs

Currently no VLANs (except this weird wifi thing).

VLANs for new Firewall:

- V11_LAN_SERVER
- V20_LAN_CLIENT
- V30_WLAN_INTERNAL
- V40_WLAN_GUEST
- V50_LAN_MGMT
- (V70_LAN_PHONE ??)

#### DHCP

- DHCP only for WLAN_Gast: 192.168.111.101 - 192.168.111.120
- DC is doing DHCP for the 192.168.11.0/24 network: 192.168.11.80 - .159

#### Services

- Star Money (banking)
- Teamviewer
- Cosoba
- DATEV
- Zoom
- DropBox
- Google Drive
- OneDrive
- M365
- Sharepoint

#### DNS

- [x] Configure DNS request route to the DC for the new Firewall
- DC is doing DNS when acting as DHCP server

### Authentication

#### Server

- Server Type: AD
- Server Name: BUF-SRV-DC-01
- Server IP/Domain: 192.168.11.13
- Connection Sec: SSL/TLS
- Port: 636
- NetBIOS domain: BUF
- ADS user name: sophos_ldap
- Password: IT-Glue
- Email address attribute: mail
- Domain name: buf.local
- Search Queries: dc=buf,dc=local

### Phone

- No separate configuration needed. Only set the WAN to the Fritzbox correctly. Check connectivity to the phones after migration.

### VPN