Solved: Help me make project

nthn21 · ‎12-22-2024

dsSo I make this circuit but really confused to configure it.

It must included the aspects that are:

The network will host several servers, including web, email, and file servers.

The company has a firewall protecting a DMZ (Demilitarized Zone), with public access to the web and email servers.

Internal networks will use Virtual LANs (VLANs) to segment traffic between different departments: HR, IT, and Finance.

Routers and switches must connect these VLANs while maintaining security and minimizing bandwidth usage.

Implement security measures to enforce Confidentiality, Integrity, and Availability (CIA triad).

The network should block access to websites related to pornography, gambling, and online games using a firewall.

Implement a bandwidth limiter to prevent any single department from overusing the network resources.

Note: The part about blocking access to websites refers to blocking IP from another server.
And I have to make wifi that separated between student and lecturer.

Can someone help me make the configuration in a file.pkt?
Here's mine:

Flavio Miranda · ‎12-22-2024

@nthn21

I will give you some direction.

- DHCP server does not need to be in DMZ. Unless you need DHCP on the DMZ, but then you can add one server exclusive for DMZ.

Adding only one DHCP server on the DMZ, will make it difficult for you to allow host from your local lan to get IP. You dont need this.

- Dont put that much interface vlan on firewall. Firewall in PacketTracer is very limited. Add those interface on your core switch, that´s why you usually add a Core switch to network. Leave the firewall to only filter traffic from Corp network to DMZ.

- I would add only one DMZ but is not wrong to have two.

-Dont connect Access Point to Core switch. Add a switch only to connect the Access Point. Then, connect this switch to Core.

View solution in original post

Flavio Miranda · ‎12-22-2024

Thats why I am telling you. Add the DHCP server outside the DMZ.

Creste some kind of small data center and add the Core and DHCP server.

The firewall will be the harder part.

View solution in original post

Flavio Miranda · ‎12-22-2024

@nthn21

I will give you some direction.

- DHCP server does not need to be in DMZ. Unless you need DHCP on the DMZ, but then you can add one server exclusive for DMZ.

Adding only one DHCP server on the DMZ, will make it difficult for you to allow host from your local lan to get IP. You dont need this.

- Dont put that much interface vlan on firewall. Firewall in PacketTracer is very limited. Add those interface on your core switch, that´s why you usually add a Core switch to network. Leave the firewall to only filter traffic from Corp network to DMZ.

- I would add only one DMZ but is not wrong to have two.

-Dont connect Access Point to Core switch. Add a switch only to connect the Access Point. Then, connect this switch to Core.

nthn21 · ‎12-22-2024

But I'm confused about configuring the firewall using ASA, do you have any advice you could give?
I want to make all PC's connect to the IP automatically using DHCP, but the firewall makes the PC's can't connect to the DHCP IP.

Flavio Miranda · ‎12-22-2024

Thats why I am telling you. Add the DHCP server outside the DMZ.

Creste some kind of small data center and add the Core and DHCP server.

The firewall will be the harder part.

nthn21 · ‎12-22-2024

Okay, thank you very much for your help, sir.

Flavio Miranda · ‎12-22-2024

Make the changes I told you. Add the file here again, let me see. I can help you with the firewall config. Just try to do as much as you can.

Start drafting an IP addressing scheme for you network.

nthn21 · ‎12-23-2024

So, I've made another topology because the previous one is confusing to configure; I've made the ping, etc. I just need another server to make up the servers that need to be blocked. And the firewall is configured.
This is the Updated topology.

Flavio Miranda · ‎12-23-2024

Looks much better now. Simpler and have the elements you need.

The firewall also looks better, you just need to create Access List and access group.

nthn21 · ‎12-23-2024

Can I create access to the file server, which can just be accessed by HR, IT, and Finance? And the other server can be accessed by everyone?

Flavio Miranda · ‎12-23-2024

Yes, but the firewall is buggy. Hold on, I will try to help you.

nthn21 · ‎12-23-2024

I've make the config for the inside. Now the wi-fi and the outside is really hard
This the newest

Flavio Miranda · ‎12-23-2024

Wow...you made progress...Congratulation!!

ASA is very hard.

What about the wifi? What is not working?

nthn21 · ‎12-23-2024

Sir, can you help me with this thing? I can't make the wifi users connect/ping the web server and file server. Can you help me configure it? I do a lot of configure but still can't connect.

Flavio Miranda · ‎12-23-2024

I made a small change. It is working.