Testing Setup

This is a list of tests to be carried out to verify that the configurations made work correctly, these checks can be seen in the Checks document

Phase 1

Check that the WAN interface of the router that will go as a dhcp client, receives ip and has connectivity.
Check that the computers receive dynamic ip for those that have a dhcp service, and see that they have connectivity abroad.
Check that the equipment with static IPs have connectivity with other equipment and exit to the outside.
Check that the Nat and firewall rules are properly configured by testing connectivity between the computers according to how the network has been configured.
- The DMZ must have an exit to the outside and connection with the administrator of the servers of LAN2, with the rest of the computers of LAN2 and LAN1 must not have connection.
- The LAN2 will have an exit to the outside, within this there will be two administrators, one for the DMZ where only this will have a connection to it, even a connection by ssh, but will not have a connection to LAN1, and the other administrator for LAN2 who will be in charge of the Vlans you must have a connection to these but not to the DMZ.
- The Vlans will not have an exit to the outside or to the DMZ but they will have a connection with the LAN2 administrator who is in charge of the Vlans.
Check that the computers of each vlan receive dynamic ip and that they do not have a connection between themselves.
Check that the tunnel is created by IPsec, the connection is established between the neighbors, and there is connectivity between them and the defined computers of each network.

Check the operation of Failover, making one of the ISPs turn off and see if the backup path jumps to maintain connectivity, then turn on the ISP that we previously turned off to verify that the backup path changes back to as was at the beginning.
Check the operation of the vrrp, for this the master router will be disconnected, and it will be verified that the client computer continues to have an internet connection and that the vrrp that gives the backup router jumps, then we turn on the master router again, and check that it returns to change the vrrp of the backup to the master.
Check that the upload and download speed changes according to the applied rule. For them, two tests will be carried out on the same computer, one before applying the rule, and then another after applying the bandwidth rules.
Check the load balancing for the DMZ, for this we will use an ubuntu desktop, we will open two internet tabs where videos are being viewed in both, it will be verified that the ip corresponds to a team in the DMZ, and through winbox we will check if the traffic flows for both WAN interfaces, and the interface that gives access to the DMZ should give the relative sum of both internet providers.

Check the operation of Port Knocking, for this we will be connected to the router by winbox and we will try to enter by ssh from the host machine, then we will enter according to the assigned ports to see how the ip of the machine is added to the allowed Address List until be able to enter the router.
Check the functioning of the mikrotik email by gmail, sending it and checking that the email has reached us.
Check for dhcp-related problems and errors in the mail.
Check that the program so that emails arrive automatically according to the specified time works correctly.
Check that Suricata works, creating a rule manually, that collects all the icmp, and see if it captures the log files.
Check that Suricata receives the packets sent by Mikrotik with the mangle rule, using in mikrotik a rule that alerts all icmp.
Check the operation of Layer 7, for this it will be seen if the pages that were defined in the layer 7 protocol within Firewall are blocked, but we continue to have internet access to pages that we did not define to be blocked.

Last updated 2 years ago