root@fw-01:~# show ip route
default via 10.0.0.1 dev eth0 proto static
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.5
172.16.0.0/16 via 10.0.0.1 dev eth0
192.168.1.0/24 dev vlan100 proto kernel scope link
root@fw-01:~# netstat -tlnp
Proto  Local Address   State    PID/Program
tcp    0.0.0.0:22      LISTEN   1284/sshd
tcp    0.0.0.0:443     LISTEN   2091/nginx
tcp    0.0.0.0:8443    LISTEN   3102/fortigate
root@fw-01:~# nmap -sS 192.168.1.0/24
Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for gw.internal (192.168.1.1)
PORT     STATE  SERVICE
22/tcp   open   ssh
443/tcp  open   https
root@fw-01:~# traceroute 8.8.8.8
1  gw.internal (10.0.0.1)     0.542 ms
2  isp-pe1.par (82.65.0.1)    3.201 ms
3  core-r1.th2 (195.0.0.1)    5.672 ms
4  dns.google (8.8.8.8)       8.431 ms
root@fw-01:~# ip link show
1: lo: <LOOPBACK,UP> mtu 65536
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500
3: vlan100@eth0: <BROADCAST,UP> mtu 1500
4: wg0: <POINTOPOINT,UP> mtu 1420
root@fw-01:~# cat /etc/ipsec.conf
conn site-to-site
    left=82.65.12.34
    right=91.121.45.67
    authby=rsasig
    auto=start
root@fw-01:~# openssl x509 -noout -dates
notBefore=Jan  1 00:00:00 2025 GMT
notAfter=Dec 31 23:59:59 2026 GMT
root@fw-01:~# iptables -L -n
Chain INPUT (policy DROP)
ACCEPT  all  --  lo
ACCEPT  tcp  --  0.0.0.0/0   dpt:443
ACCEPT  tcp  --  10.0.0.0/8  dpt:22
DROP    all  --  0.0.0.0/0
root@fw-01:~# bgp summary
Neighbor     AS     MsgRcvd  State
82.65.0.1    3215   12847    Established
91.121.0.1   16276  9432     Established
root@fw-01:~# _
╔══════════════════════════════════════╗
║ NETWORK DESIGN — HLD v3.2            ║
║ Client: ACME Corp — DC Paris TH2     ║
╚══════════════════════════════════════╝

┌─────────────┐    ┌─────────────┐
│  INTERNET   │    │  MPLS WAN   │
│   AS64512   │    │  PE: 3215   │
└──────┬──────┘    └──────┬──────┘
       │ 10G              │ 10G
┌──────┴──────────────────┴──────┐
│         FW CLUSTER HA          │
│    fw-01.th2      fw-02.th2    │
│     Active        Standby      │
│    VDOM: root / dmz / srv      │
└──────┬──────────────┬──────────┘
       │ ae0          │ ae1
┌──────┴──────┐ ┌──────┴──────┐
│  SPINE-01   │ │  SPINE-02   │
│  BGP 65001  │ │  BGP 65001  │
└──┬───┬───┬──┘ └──┬───┬───┬──┘
   │   │   │       │   │   │
┌──┴┐┌─┴─┐┌┴──┐┌──┴┐┌─┴─┐┌┴──┐
│L01││L02││L03││L04││L05││L06│
└─┬─┘└─┬─┘└─┬─┘└─┬─┘└─┬─┘└─┬─┘
  │    │    │    │    │    │
VLAN VLAN VLAN VLAN VLAN VLAN
 10   20   30   40   50   60

── Matrice de flux ──────────────
SRC      DST       PROTO  PORT
VLAN10   VLAN30    TCP    443
VLAN10   VLAN30    TCP    8443
VLAN20   VLAN40    TCP    1521
VLAN20   VLAN40    TCP    5432
DMZ      INTERNET  TCP    443
MGMT     ALL       TCP    22
MGMT     ALL       ICMP   —
ALL      DNS-VIP   UDP    53

── Spécifications équipements ──
Chassis: 48x 10GbE SFP+ / 6x 40GbE QSFP+
Redundancy: VSS / MC-LAG / VRRP
MTU: 9216 (jumbo frames enabled)
QoS: DSCP EF for VoIP, AF41 for video
Spanning-Tree: RSTP, BPDU guard on access

── Adressage IP ─────────────────
VLAN  Subnet           Gateway
10    10.1.10.0/24     .1
20    10.1.20.0/24     .1
30    172.16.30.0/23   .1
40    172.16.32.0/23   .1
50    192.168.50.0/24  .1
60    192.168.60.0/24  .1
DMZ   10.0.100.0/28    .1
MGMT  10.0.255.0/24    .1
P2P   10.0.0.0/30      .1

── Capacité & SLA ───────────────
Uplink ISP: 2x 10Gbps (LAG)
Uplink MPLS: 1x 10Gbps
Latency SLA: < 5ms intra-DC
Availability: 99.99% (HA active)
RPO: 15 min / RTO: 30 min
Backup: daily incremental, weekly full

contact@netsyn.fr
