This post is part of a series, for the series contents see:
From a fundamental building blocks perspective, the lab is starting to take shape. I have my hub, internal, and DMZ networks setup and a VPN connection from my PC into that hub.
If I look at the original high-level design then I’ve just got the security network section to go, which is all nice and peachy!
Realistically it still has a long way to go though:
- I’ve built up some VMs but I haven’t configured any of them.
- So whilst I have a WAF and an intended web server sat behind it, I haven’t actually configured that web server yet so I can’t see my WAF in action.
- Furthermore, because I haven’t setup my VNET peering or exposed any of my VMs with a public IP then, at the moment, I don’t even have a way of getting to that web server to configure it!
Once I’ve setup my peering I’ll be able to connect to my management station and use it to connect to those DMZ or internal VMs to configure them. Annoyingly, even when I get around to configuring my VNET peering I don’t think I’ll be able to jump straight from my local machine and traverse the VPN & network to hit a machine in the DMZ. The reason for this is that I’m using a point-to-site, rather than site-to-site, VPN so I have nowhere that I can define my VPN client range as a “local network” that would allow that traversal. Well, nowhere that I know of at the moment – admittedly I could do with having a bit of a deeper dig into it!
So what’s next?
- Get my security network and firewall VM setup
- Setup the VNET peering that will allow me to connect to everything for configuration.
- Configure my web server
- Configure my firewall
- Configure routing to push traffic via that firewall
That should keep me busy for a bit but there’s still plenty to do, even after that.