root@fw-01:~# show ip route
default via 10.0.0.1 dev eth0 proto static
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.5
172.16.0.0/16 via 10.0.0.1 dev eth0
192.168.1.0/24 dev vlan100 proto kernel scope link
root@fw-01:~# netstat -tlnp
Proto Local Address State PID/Program
tcp 0.0.0.0:22 LISTEN 1284/sshd
tcp 0.0.0.0:443 LISTEN 2091/nginx
tcp 0.0.0.0:8443 LISTEN 3102/fortigate
root@fw-01:~# nmap -sS 192.168.1.0/24
Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for gw.internal (192.168.1.1)
PORT STATE SERVICE
22/tcp open ssh
443/tcp open https
root@fw-01:~# traceroute 8.8.8.8
1 gw.internal (10.0.0.1) 0.542 ms
2 isp-pe1.par (82.65.0.1) 3.201 ms
3 core-r1.th2 (195.0.0.1) 5.672 ms
4 dns.google (8.8.8.8) 8.431 ms
root@fw-01:~# ip link show
1: lo: <LOOPBACK,UP> mtu 65536
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500
3: vlan100@eth0: <BROADCAST,UP> mtu 1500
4: wg0: <POINTOPOINT,UP> mtu 1420
root@fw-01:~# cat /etc/ipsec.conf
conn site-to-site
left=82.65.12.34
right=91.121.45.67
authby=rsasig
auto=start
root@fw-01:~# openssl x509 -noout -dates
notBefore=Jan 1 00:00:00 2025 GMT
notAfter=Dec 31 23:59:59 2026 GMT
root@fw-01:~# iptables -L -n
Chain INPUT (policy DROP)
ACCEPT all -- lo
ACCEPT tcp -- 0.0.0.0/0 dpt:443
ACCEPT tcp -- 10.0.0.0/8 dpt:22
DROP all -- 0.0.0.0/0
root@fw-01:~# bgp summary
Neighbor AS MsgRcvd State
82.65.0.1 3215 12847 Established
91.121.0.1 16276 9432 Established
root@fw-01:~# _
╔══════════════════════════════════════╗
║ NETWORK DESIGN — HLD v3.2 ║
║ Client: ACME Corp — DC Paris TH2 ║
╚══════════════════════════════════════╝
┌─────────────┐ ┌─────────────┐
│ INTERNET │ │ MPLS WAN │
│ AS64512 │ │ PE: 3215 │
└──────┬──────┘ └──────┬──────┘
│ 10G │ 10G
┌──────┴──────────────────┴──────┐
│ FW CLUSTER HA │
│ fw-01.th2 fw-02.th2 │
│ Active Standby │
│ VDOM: root / dmz / srv │
└──────┬──────────────┬──────────┘
│ ae0 │ ae1
┌──────┴──────┐ ┌──────┴──────┐
│ SPINE-01 │ │ SPINE-02 │
│ BGP 65001 │ │ BGP 65001 │
└──┬───┬───┬──┘ └──┬───┬───┬──┘
│ │ │ │ │ │
┌──┴┐┌─┴─┐┌┴──┐┌──┴┐┌─┴─┐┌┴──┐
│L01││L02││L03││L04││L05││L06│
└─┬─┘└─┬─┘└─┬─┘└─┬─┘└─┬─┘└─┬─┘
│ │ │ │ │ │
VLAN VLAN VLAN VLAN VLAN VLAN
10 20 30 40 50 60
── Matrice de flux ──────────────
SRC DST PROTO PORT
VLAN10 VLAN30 TCP 443
VLAN10 VLAN30 TCP 8443
VLAN20 VLAN40 TCP 1521
VLAN20 VLAN40 TCP 5432
DMZ INTERNET TCP 443
MGMT ALL TCP 22
MGMT ALL ICMP —
ALL DNS-VIP UDP 53
── Spécifications équipements ──
Chassis: 48x 10GbE SFP+ / 6x 40GbE QSFP+
Redundancy: VSS / MC-LAG / VRRP
MTU: 9216 (jumbo frames enabled)
QoS: DSCP EF for VoIP, AF41 for video
Spanning-Tree: RSTP, BPDU guard on access
── Adressage IP ─────────────────
VLAN Subnet Gateway
10 10.1.10.0/24 .1
20 10.1.20.0/24 .1
30 172.16.30.0/23 .1
40 172.16.32.0/23 .1
50 192.168.50.0/24 .1
60 192.168.60.0/24 .1
DMZ 10.0.100.0/28 .1
MGMT 10.0.255.0/24 .1
P2P 10.0.0.0/30 .1
── Capacité & SLA ───────────────
Uplink ISP: 2x 10Gbps (LAG)
Uplink MPLS: 1x 10Gbps
Latency SLA: < 5ms intra-DC
Availability: 99.99% (HA active)
RPO: 15 min / RTO: 30 min
Backup: daily incremental, weekly full