Setting up your lab_Untangle Network Security-QQ阅读男生中文都市网

上QQ阅读APP看书，第一时间看更新

Setting up your lab

I recommend that you build your own lab environment to get comfortable with Untangle NGFW and practice the different scenarios before deploying it to your production environment. You can use virtualization platforms such as VMware Workstation or Oracle VirtualBox to build the lab environment.

In our lab, we have ABC bank and Acme school as fictional organizations. ABC bank uses two Untangle NGFWs in a high availability mode. It has two internal subnets for the servers and users, and it uses a leased line for the Internet connectivity.

Acme school has two locations. The HQ has Untangle NGFW running in the router mode, protecting two subnets (internal and DMZ). The remote branch office has an existing firewall, which Acme school decided to replace with Untangle NGFW. So, Acme school deployed Untangle NGFW in the bridge mode behind the existing firewall till the expiration of the firewall license. After the license expiration, Untangle NGFW will be deployed in the router mode. Acme school use ADSL for the Internet connectivity. It uses two ADSL lines in the HQ and only one ADSL line in the branch office.

The remote laptop is used to test the connection from outside organizations and to implement a remote access VPN.

The following figure shows the lab environment used in this book:

The 192.168.1.0/24 subnet is selected to be used as the external interface for all the Untangle NGFW servers to simplify the process of routing between the devices. The detailed environment components are listed in the following table:

Most of the time, we will deal with the components listed in the preceding table. However, additional components may be used in special scenarios, but they will follow the same environment design.

The lab environment is quite large, but not all the environment components will be used at the same time. You can practice most of this book's scenarios using only two machines, one as the Untangle server and the other as the client that we will apply our policies on. Also, for scenarios that require the use of more than one client VM, you can use one VM and change its IP to simulate using different clients.