Existing Internet Router and Connection Details

Technical Site Audit v2.0
1 Introduction
1.1 Audit Purpose and Scope
The primary purpose of this audit document is to determine the current services used
by the school and what services will need to be provisioned on the managed router
that will be installed by N4L. This would include how the router should be configured to
ensure a successful transition to N4L. This audit document will need to detail the
existing services that are used over the current internet circuit.
N4L require information on the following key areas:
1. Existing internet connection
2. Location, space and power availability to install the Managed Router
3. Number of public IP addresses currently in use
4. Firewall rules
5. NAT rules
6. Internal LAN information
7. Additional services that use the internet such as:
a. Remote Access (VPN)
b. Video Conferencing
c. Voice over IP
Readiness of the physical environment needs to be confirmed and whether any
additional cabling or power points are required for the Managed Router installation.
1.2 Post Audit Change Notifications
N4L request that any changes implemented POST Audit be notified to
provisioning@n4l.co.nz in order to address any design changes.
1.3 Audit Completion
To ensure accuracy of information captured from the site audit, N4L request that the
person completing this document is the same person who audited the school's network.
General Details
SoW Reference Number: <N4L Complete>
MoE School ID: <N4L Complete>
School Name: <N4L Complete>
Main Phone Number: <N4L Complete>
Website URL: <N4L Complete>
Address: <N4L Complete>
Site Audit Completed by:
Name
Company
Phone Number
Mobile Number
Email Address
School IT Contact
Name
Job Title
Phone Number
Mobile Number
Email Address
School Primary Contact
Name
Job Title
Phone Number
Mobile Number
Email Address
2 Existing Network and Services
This section gives an overview of the school's existing network topology, public and
private IP addressing presently in use, and what devices/interfaces these addresses
relate to. It provides the design team with an overview and adds context to the
configuration items described later in the document.
2.1 Network Overview
In the area provided below or on a separate page, please draw and label each device
between your internet connection and your Local Area Network (LAN). An additional
area has been provided below for any additional comments not covered.
Please sketch your Existing Network
The following diagram is an example. Please delete and replace as required.
*Please label each device, interface and IP address of each device
Brief Summary (optional):
2.1.1 Current Public IP Addresses
Please list the current Public IP range/s that have been allocated to the school
Public Range | Device Allocated to | Description
e.g. 1.1.1.0/29 | Internet Router | Used as 1-1 NAT to School Firewall
How many Public IP Addresses are currently in use by the school: ____________
If the school is using multiple Public IP Addresses, please define the use of each Public
IP address in the table below
Public IP address | Description
e.g. 1.1.1.1 | School Mail Server
e.g. 1.1.1.2 | Video Conferencing – Polycom
e.g. 1.1.1.3 | Remote Access to School (RDP)
2.1.2 Current School LAN addresses
In the table below, please provide details of all networks on your existing LAN
VLAN | Network/Mask | Gateway IP | Gateway Device | Description
e.g. 1 | 10.0.0.0/16 | 10.0.0.1 | Firewall | School LAN, BYOD etc
3 Existing Internet Router and Connection Details
Describe the set-up of the school's existing internet router.
3.1 Connection Details
Please provide details of the existing internet connections. (* Copy table for additional
connections)
Does the school have a dedicated internet router
  No.
  Yes
Type of Connection
  ADSL:
  Fibre:
  Wireless:
  Other: ________
Are you keeping this connection after connection to N4L (i.e. this could be a circuit used for VoIP)
  No.
  Yes. This connection is still required
Current ISP (If known)
Current Speed (If known)
Current Purpose of the connection:
  Primary:
  Secondary:
  Other: ________
3.2 Current Internet Router Details
(* Copy table for additional routers)
Make/Model
Existing LAN interface Details (**For additional LAN Ports please copy and paste this section)
  Port ID: _____
  Speed/Duplex:
    Auto
    10M
    100M
    1000M
  Connected to (Device and Port):________________
  Access Port – Please complete address details
    IP Address:
    Mask:
  Trunk Port
    VLAN ID:_________
    IP Address:
    Mask:
    VLAN ID: _________
    IP Address:
    Mask:
Does this router provide NAT/PAT for the School
  Yes: - Please complete NAT/PAT section 3.3
  No:
Does this router provide DHCP for the School
  Yes: - Please complete DHCP section 3.4
  No:
Does this router provide Firewalling for the School
  Yes: - Please complete Firewalling section 3.5
  No:
WAN Interface details
  Port ID: _____ e.g. Gi0/0
  IP Address:
  Mask:
  Gateway:
Who manages the router
  Company:
  Name:
  Phone Number:
  Email:
Notes/Comments:
3.3 Inbound NAT/PAT - Existing Internet Router
Please complete the following section if NAT is being used on the existing internet
router. **Skip this section if not required
Public IP | Original Port | Destination IP | Destination Port | Protocol | Description
e.g.<WAN Int> | 80 | 192.168.0.1 | 80 | TCP | “PAT” HTTP (IIS Server)
e.g.<WAN IP> | 25 | 192.168.0.1 | 25 | TCP | “PAT” SMTP (Mail Server)
e.g.<WAN IP #2> | Any | 192.168.0.2 | Any | IP | “NAT Example”
3.4 DHCP - Existing Internet Router
If you currently have DHCP enabled on the existing internet router, please complete
the following table. **Skip this section if not required
Description | VLAN ID | DHCP Range and Mask | Excluded IP Address | Notes: Specific Options, Reservation time etc
e.g. BYOD | 10 | 10.0.0.0/24 | 10.0.0.240-254 | Lease 7 Days
e.g. Teachers | 5 | 10.0.2.0/24 | 10.0.2.240-254 | Option 150 – TFTP server for voice
3.5 Firewall Rules - Existing Internet Router
If the existing internet router is providing firewalling for the school, please define the
rules below. **Skip this section if not required
Direction | Source | Destination | Protocol | Port | Action | Description
e.g. Outbound | 192.168.0.0/24 | Any | TCP | 80 | Permit | HTTP traffic for Outbound
e.g. Outbound | 192.168.0.0/24 | Any | TCP | 443 | Permit | HTTPs traffic for Outbound
e.g. Outbound | 192.168.0.0/24 | Any | ICMP | Any | Permit | ICMP Echo Requests
3.6 Static Routes - Existing Internet Router
If the existing internet router has any specific static routes then please define these in
the following table. This would generally be used if the school does not have their own
firewall and subnets exist behind a layer 3 switch.
Address/Mask | Next Hop IP | Description
e.g. 10.0.0.0/16 | 192.168.1.1 | School LAN
4 School Firewall Details
Describe the set-up of the school's existing Firewall. The information provided
contributes towards a compatible configuration on the N4L router.
Does the School currently have a Firewall
  Yes: - (Is this school owned  Yes:  No: )
  No:
What are the WAN Interface details
(If multiple VLAN’s are in use, please copy and multiply the IP Address section.)
  Port ID: __________
  Speed:
    Auto
    10M
    100M
    1000M
  Access Port
    IP Address:
    Mask:
    Gateway:
  Trunk Port (**complete VLAN info below)
    VLAN ID:_________
    IP Address:
    Mask:
    Gateway:
    VLAN ID: _________
    IP Address:
    Mask:
    Gateway:
LAN Interface details
Please complete the table below with the LAN interface details. This has been broken into two
tables: (Physical and Logical)
Physical Interface Details
Port ID | Trunk or Access | Speed/Duplex | Device Connected to and port | Description/Comment
LAN1 | e.g. Access | Auto/Auto | Core switch - port 5 |
LAN2 | e.g. Trunk | 100/Full | Core switch - port 6 |
Logical Interface Details
Port ID | VLAN ID | IP Address and Mask | Description
e.g. LAN1 | Access | 192.168.0.10/24 | Transport network
e.g. LAN2 | 100 | 172.16.1.0/24 | Staff Wireless
e.g. LAN2 | 101 | 172.16.2.0/24 | Student Wireless
Who manages the Firewall
  Company:
  Name:
  Phone Number:
  Email:
Does the firewall provide Inbound NAT/PAT from the Internet to Internal Servers/Services (SMTP, RDP, HTTP etc)
  Yes: - Please complete table below
  No:
If the firewall is providing NAT/PAT functions then please detail this below.
WAN IP | Original Port | Destination IP | Destination Port | Protocol | Description
e.g.192.168.0.1 | 80 | 10.0.0.1 | 80 | TCP | HTTP (IIS Server)
e.g.192.168.0.1 | 25 | 10.0.0.2 | 25 | TCP | SMTP (Mail Server)
e.g.192.168.0.1 | 2222 | 10.0.0.2 | 22 | TCP | SSH (Jump Host)
5 Content filtering
Please provide an overview of how many content filtering policies are configured and
how filtering policies are applied for your school. An additional section (Comments) is
provided to add anything extra that should be considered regarding the school's
filtering.
Please describe the school's existing content filtering service/s (i.e. Watchdog, UTM firewall, Schoolzone, pfSense)
Does the school provide user/group level filtering or one policy for the whole school
  Single Policy:
  Multiple Policies: (select Type below)
    Source IP
    Directory Integration
    Both
Comments/Notes (i.e. Using local filtering and also Watchdog)
6 DNS
The following section is required to capture the DNS information relating to the school.
Detail the DNS addresses assigned to devices on the school LAN
  Primary IP Address:
  Secondary IP Address:
Contact details of who manages your external DNS records (i.e. MX and A records)
  Company:
  Name:
  Phone Number:
  Email:
7 Email
The following information is required for N4L to understand what is required during the
transition to N4L and ensure no interruption to mail service.
Please describe your current email solution (i.e. onsite exchange server, Gmail, Office 365)
  Google
  Office 365
  Schoolzone
  Other: Please Specify
Do you have an onsite mail server
  No
  Yes
    How many Mailboxes:
    Mail Server IP Address:
    SMTP Relay URL/IP:
Does the school currently use inbound mail filtering from the current ISP.
  Yes
    What is the inbound MX Record:
  No
Please specify current outbound SMTP mail relay settings (i.e. example may be to check
a Photocopier/Scanner onsite)
Contact details of the company/person that currently manages your email server
  Company:
  Name:
  Phone Number:
  Email:
8 Additional Services
This section captures information regarding any additional services presently in use by
the school. Knowledge of these services ensures that they are taken into consideration
for design. This is required to ensure Video, Voice and any remote access in use by the
school continues to function after transition.
8.1 Video Conferencing
Does the school use Video Conferencing
  Yes
    Who is the provider:
  No – Please continue to next section
Please describe the existing Video Conferencing solution (i.e. Currently use Asnet with Polycom Video conference units)
How many dedicated Video Conferencing units does the school have
  Total Number:
  Description and Location | IP Address
Contact details of the Video Conference Provider
  Company:
  Name:
  Phone Number:
  Email:
8.2 Voice over IP
Does the school use VoIP for the telephones
  Yes
    If yes, do you have onsite PBX:  Yes:  No:
  No – Please continue to next section
Please describe the existing VoIP solution (i.e. Onsite PBX with SIP trunks to Callplus over a dedicated ADSL circuit)
Does the VoIP Solution have a dedicated connection or is this shared with the current Internet connection
  Dedicated Connection
  Shared Internet Connection
Please detail IP Address Details of the onsite PBX (If possible)
  Interface 1: (i.e. WAN)
    IP Address:
    Mask:
    Gateway:
  Interface 2: (i.e. LAN)
    IP Address:
    Mask:
    Gateway:
Contact details of the VoIP Provider
  Company:
  Name:
  Phone Number:
  Email:
8.3 Remote Access
Does the school currently have a remote access solution
  Yes
  No - Please continue to next section
Please describe the current remote access solution.
  VPN
  PPTP
  SSL
  IPSEC
  RDP
  Public IP/DNS Entry:
  Server IP:
  Other
  Please specify:
Please specify terminating device for the VPN
  Existing School Firewall
  Existing Internet Router
  School Server
  Other:
  Please Specify:
8.4 Additional Information
Please define any other services that are dependent on your existing Internet
connection that have not been covered above.
<This section could include hosted services that are offered by the school, or
alternatively information on schools which are part of a loop and receive
hosted services>
9 Router Installation Details
Please provide details of where the N4L managed router is going to be installed. This will
need to be as close to the ONT (Optical Network Terminal) as possible.
Router Dimensions
  Managed Router Dimension : 88.9mm x 438.2mm x 469.9 mm (2U height)
  Managed Router Weight : 15.5kg
Is the Rack Free Standing or Wall Mounted
  Free Standing
  Wall Mounted
  Comments:
Is there 4U rack space available for Managed Router installation <may require space above and below router>
  Yes
  No
  If Not, is there a minimum of 2U available:
    Yes
    No
  Please specify in the comments section if no space is available and proposed
  location where the router could be installed
  Comments:
Is the rack deep enough for the Managed Router (550mm)
  Yes
  No
  Comments:
Is there an available power outlet in the Rack and is the power outlet protected
  Yes
    UPS
    Surge Protected
    Not Protected
  No
  Comments:
Is there a spare port on the switch/firewall for the Managed Router to plug into
  Yes
    Device and Port ID:
  No
Is there structured cabling between the ONT and proposed Managed Router location
  Yes
  No
Please specify the cabling distance between ONT and proposed Managed Router location
  Patch Cable Length (Meters):
Ensure cabling does not run along the floor or hang above the ground where it
would present a trip hazard.
1. Please provide a photo of the Server Room. If possible show ONT and Cabinet in the
shot.
2. Please provide a photo of the rack location where the router is to be installed