Lab 3.1 Firewall Workshop

Last updated on 
Setup for Lab 3.1 Firewall Workshop

For this lab, we are going to create the following GNS topology. In this scenario, PC1 belongs to department 1 and PC2 belongs to department 2 and we want to set up a firewall to prevent PC1 from being able to connect to the network that PC2 is on and vice-versa. For this scenario, we have added the MikroTik CHR cloud router, 2 VPCS machines, and the MikroTik WinBox appliance to our workspace.

Internet (Cloud1) connected to MyCompany on port ether1PC1 connected to MyCompany on port ether3PC2 connected to MyCompany on port ether5MikrotikWinbox-1 connected to MyCompany on port ether2MyCompany has two bridged networks set upbridge1: 192.168.10.1/24 network 192.168.10.0 on ports ether3,ether4bridge2: 192.168.20.1/24 network 192.168.20.0 on ports ether5,ether6MyCompany has two DHCP servers set updhcp1: 192.168.10.1 / 192.168.10.2-192.168.10.253 on bridge1dhcp2: 192.168.20.1 / 192.168.20.2-192.168.20.253 on bridge2

Step 1: Add all the appliances to the workspace and create the links between the devices as shown above. If you need a refresher on how to add appliances to the workspace or create links for the devices, please view the following documentation here.

Step 2: Edit the configuration for PC1 and PC2 and set them both to DHCP. (Right click the appliance and Edit Config). Uncomment the dhcp line to enable DHCP.

Enabling DHCP on the VPCS devices

Step 3: Start the CHR and MikrotikWinbox appliances. After the appliances have been started, right click the MikrotikWinBox appliance and select Console to launch the UI. When the appliance has been loaded, log into the device (you may have to use the IP6 address to log into the interface as I've noticed an issue sometimes using the MAC address with the CHR to log in. You can get the IP address from the Neighbors tab)