Currently I am working on a highly-available, secure network in GNS3 for a project in my Masters studies. I chose to do this particular project because it would also help re-enforce some of the protocols and configurations that I didn’t utilize or practice often in my previous work. A preview of the network can be seen below:

The network design features the following:

• Dual PFSense Community Edition firewalls at the edge
  • Site-to-Site IPsec VPN
  • Firewall rules on each interface to control traffic flow in the network
  • FRR OSPF package for redundant routing throughout the core
  • DMZ interface for public servers, such as a web server or authoritative DNS server
    • DNS server and web server are to be implemented.
  • CARP Failover VIPs on the DMZ and WAN for automatic failover
  • Duel-WAN connection automatic failover

• Dual Cisco L3 Core switches in the core
  • OSPF routing protocol (with MD5) for redundant routing throughout the core
  • VLANs to separate traffic for the following departments:
    • 10 – IT
    • 11 – SALES
    • 12 – ADMIN
    • 13 – MARKETING
    • 14 – SERVERS
  • VRRP VIP configured for each VLAN to provide redundancy in the core
  • DHCP relay to forward requests to the DHCP server

• Debian server running ISC DHCP:
  • Configured for each client VLAN
  • Bridge interface configured to talk to core switches
    • Link failure redundancy

I hope to have this project fully completed by the end of January 2025, and a write-up completed 2 weeks later.