MINISTRY OF EDUCATION AND TRAINING
HO CHI MINH CITY UNIVERSITY OF TECHNOLOGY AND EDUCATION
FACULTY FOR HIGH QUALITY TRAINING

GRADUATION THESIS
COMPUTER ENGINEERING TECHNOLOGY

DESIGN OF A NETWORK FOR STANDARD AND SMALL-SIZED ENTERPRISES

ADVISOR: ME. LE MINH
STUDENT: LE DUY BINH
NGUYEN AN LONG AN

SKL010584

Ho Chi Minh City, December, 2022

HO CHI MINH CITY UNIVERSITY OF TECHNOLOGY AND EDUCATION
FACULTY FOR HIGH QUALITY TRAINING

GRADUATION PROJECT 2

DESIGN OF A NETWORK FOR STANDARD AND SMALL-SIZED ENTERPRISES

LÊ DUY BÌNH Student ID: 18119006
NGUYỄN AN LONG ẨN Student ID: 18119004
Major: COMPUTER ENGINEERING TECHNOLOGY
Advisor: M. Le Minh

Ho Chi Minh City, December 2022

THE SOCIALIST REPUBLIC OF VIETNAM
Independence – Freedom – Happiness

Ho Chi Minh City, December 15, 2022

PROJECT ASSIGNMENT

Student name: NGUYỄN AN LONG ẨN Student ID: 18119004
Student name: LÊ DUY BÌNH Student ID: 18119006
Major: Computer Engineering Technology Class: 18119CLA
Advisor: LÊ MINH Phone number: _________________
Date of assignment: _____________________ Date of submission: 25/12/2022

1. Project title: DESIGN OF A NETWORK FOR STANDARD AND SMALL-SIZED ENTERPRISES
2. Initial materials provided by the advisor:
3. Content of the project: Design and simulate a network for enterprises with 3 departments of a maximum of 200 employees. Main features of the proposed network are VLANs, an internal web and domain server, firewalls, Internet connections, and site-to-site VPN connections.

Final product: Simulation of a network for standard and small-sized enterprises.
CHAIR OF THE PROGRAM          ADVISOR
(Sign with full name)

HO CHI MINH CITY UNIVERSITY OF TECHNOLOGY AND EDUCATION
FACULTY OF HIGH QUALITY TRAINING

SOCIALIST REPUBLIC OF VIETNAM
Independence – Freedom – Happiness

Ho Chi Minh City, January 10, 2023

MODIFYING EXPLANATION OF THE GRADUATION PROJECT
MAJOR: COMPUTER TECHNOLOGY ENGINEERING

1. Project title: Design of a Network for Standard and Small-sized Enterprises.
Student name: Lê Duy Bình ID: 18119006
Student name: Nguyễn An Long Ẩn ID: 18119004
3. Defending Council: Council 2, Room: A3-404, 3rd January 2023.

Modifying explanation of the graduation project:

No.: 1
Council comments: Use appropriate citations.
Editing results: All citations have been updated to ‘Web Site’ and ‘Journal Article’ citations.
Note:

Head of Department          Advisor          Students
(Sign with full name)       (Sign with full name)

THE SOCIALIST REPUBLIC OF VIETNAM
Independence – Freedom – Happiness

Ho Chi Minh City, December 3, 2021

PRE-DEFENSE EVALUATION SHEET

Student name:
Name of Reviewer:
Content and workload of the project:
Approval for oral defense? (Approved or denied)

Ho Chi Minh City, Dec 15, 2022
REVIEWER
(Sign with full name)

THE SOCIALIST REPUBLIC OF VIETNAM
Independence – Freedom – Happiness

EVALUATION SHEET OF DEFENSE COMMITTEE MEMBER

Student name:
Name of Defense Committee Member:
Content and workload of the project:

Ho Chi Minh City, Dec 15, 2022
COMMITTEE MEMBER
(Sign with full name)

ACKNOWLEDGEMENTS

To complete this report, we would like to express our sincere thanks to the advisor – Mr.
Le Minh for his dedicated and detailed guidance, which gave us enough knowledge to apply to the report. During the course of the project, although we have tried our best to complete it in the best way, it is difficult to avoid errors. We look forward to our advisor's devoted help and guidance to help us gain more experience and complete this project in a better way. Besides, we would also like to thank our classmates for their help and support, which helped the group complete this report well.

Finally, our team would like to wish Mr. Le Minh and the classmates of the 18th class of Computer Engineering Technology good health, success, and happiness.

STUDENT COMMITMENT

Our team hereby declares that this is our own research work, carried out under the advisor Le Minh. The research contents of our topic "Design of a network for standard and small-sized enterprises" are honest, and the data in the tables for analysis is collected from different sources.

If we detect any fraud, we will take full responsibility for the content of our report.

Representative of the graduation project implementation group
(Sign and write full name)

Student 1: Le Duy Binh
Student 2: Nguyen An Long An

ABSTRACT

As science and technology become more modern and advanced, the information explosion is inevitable, which makes safe network connectivity and user management at enterprises important and necessary. For that reason, our completed topic, “Design of a network for standard and small-sized enterprises”, helps a lot with network security and employee management so that enterprises can operate effectively. In this project, we designed and simulated a network for standard and small-sized enterprises with 3 departments, an internal server to monitor the activities of users, 2 Internet connection lines, and a local website.
First, the network system provides the Internet connection, allowing all the computers inside the enterprise to connect to the Internet. Next, with an easy-to-use web interface, the administrator can easily track the activity logs of the users. In addition, the network has a backup firewall that takes over whenever the primary firewall is down. Finally, a VPN is available in case the enterprise has another branch to exchange data with.

We use EVE-NG software to simulate the enterprise’s network model. The advantage of this software is its interactive user interface. We also use ADAudit Plus software to manage employees. Our work on the topic “Design of a network for standard and small-sized enterprises” improves on earlier work.

We use 2 FortiGate firewalls for network security, one as the primary and the other as a backup, which helps the enterprise operate smoothly even when the primary firewall is in trouble. We use ADAudit Plus to manage users because it has an easy-to-use interface for the administrator. The simulation shows that the Internet connection works relatively well and that ADAudit Plus does a great job of managing employees. Computers from the departments reach the internal server, and vice versa, successfully.
The VPN operates well for extending the network to more enterprise branches.

TABLE OF CONTENTS

CHAPTER 1: OVERVIEW
  SCOPE OF RESEARCH
CHAPTER 2: THEORETICAL BASIS
  Types of VLANs
  Concept of VPN
  Advantages of VPN
  Advantages of Windows Servers
  Some of the main functions of Windows Server
  How does ADAudit Plus work?
CHAPTER 3: SYSTEM DESIGN AND CONFIGURATION
  PROPOSED NETWORK MODEL
  Enterprise’s Network Model
  ENTERPRISE’S NETWORK SIMULATION
  VLAN, trunking configuration
  Default Route Configuration
  IP SLA Configuration
  Active Directory Domain Service on Windows Server 2016
  IIS Windows Server 2016
  High Availability Configuration on Firewall
  Inter-VLANs on FortiGate Firewall
  Policy configuration on FortiGate Firewall
  Static Route Configuration on FortiGate Firewall
LAN SERVICE RESULTS
  Test the connection between PCs from departments and the internal server
  Test the domain of the enterprise and its policy
  Test local website of the enterprise
  Test the redundant plan of the firewalls
  Test the Internet connection of the network
  Test VPN site to site between PCs in SITE-A and PC SITE-B
  Manage and monitor users by ADAudit Plus
CHAPTER 5: CONCLUSIONS AND FUTURE WORK
TABLE OF FIGURES

Figure 1: Local Area Network [2]
Figure 2: Virtual Local Area Networks [3]
Figure 3: Port-Based VLAN [4]
Figure 4: Protocol-Based VLAN [5]
Figure 5: MAC-based VLAN [6]
Figure 6: Trunking DOT1Q [8]
Figure 7: GRE Tunnel [10]
Figure 8: The workflow of ADAudit Plus
Figure 9: The Model of the Enterprise’s Network
Figure 10: Simulate the Network of the Enterprise on EVE-NG
Figure 11: Sales, HR, IT Departments
Figure 12: VLANs show on Core Switch
Figure 13: VLAN of IT Department Shows on Access Switch
Figure 14: Ports Connect to VLAN
Figure 15: Trunking Configuration on Core Switch
Figure 16: Trunking Configuration on Access Switch
Figure 17: Default Route Configuration on SITEA Router
Figure 18: NAT_VLANS access list
Figure 19: Route-map Configuration
Figure 20: Connect to The Outside Port
Figure 21: NAT Inside on SITEA Router
Figure 22: NAT Outside on SITEB Router
Figure 23: ip sla 1
Figure 24: ip sla 2
Figure 25: Static Route for Internet Connection Line
Figure 26: Add Roles and Features tab
Figure 27: Active Directory Domain Service at Server Roles
Figure 28: Group Policy Management
Figure 29: Domain Controller Promotion
Figure 30: Root Domain Name
Figure 31: NetBIOS Domain Name
Figure 32: Server’s DNS
Figure 33: Accounts for the employees of IT and HR departments
Figure 34: Accounts for the employees of Sales department
Figure 35: Password policies
Figure 36: Account lockout policies
Figure 37: Web Server (IIS)
Figure 38: Web Server (IIS) has been installed successfully
Figure 39: Add Website tab
Figure 40: Website’s Information
Figure 42: Properties of Computer
Figure 43: Computer Name/Domain Changes
Figure 44: Administrator Account
Figure 45: Join hcmute.
Figure 46: Show the domain name successfully
Figure 47: Redundant plan for firewalls
Figure 48: HA tab
Figure 49: Primary Firewall Configuration
Figure 50: Back-up Firewall Configuration
Figure 51: Interfaces tab
Figure 52: VLAN Configuration
Figure 53: VLAN10, VLAN20, VLAN30
Figure 54: Firewall Policy tab
Figure 55: Policy for Sales Dept to reach IT Dept
Figure 56: Policy for IT Dept reaches Sales Dept
Figure 57: Policy for IT Dept reaches HR Dept
Figure 58: Policy for PCs to connect to the Internet
Figure 59: Policies after Configuring
Figure 60: SITEA Router
Figure 61: GRE Tunnel on SITEA Router
Figure 62: SITEB Router
Figure 63: GRE Tunnel on SITEB Router
Figure 64: Parameters When Creating Address From the Branch Site
Figure 65: Parameters when creating Address for GRE Tunnel
Figure 66: Policy for The Branch to Reach the Head Office
Figure 67: Policy for The Head Office to Reach the Branch
Figure 68: Default Route Configuration on SITEB Router
Figure 69: NAT_VLANS Access List
Figure 70: Connection to the outside port
Figure 71: NAT Inside on SITEB Router
Figure 72: NAT Outside on SITEB Router
Figure 73: Static Route tab
Figure 74: Static Route Configuration for PCs in the Head Office Site
Figure 75: Static Route Configuration for PCs in the Branch Site
Figure 76: Sales’ PC Connected to the Server
Figure 77: HR’s PC Connected to the Server
Figure 78: The Server Connected to PCs
Figure 79: User after Joining hcmute.
Figure 80: Account Has Been Locked out
Figure 81: Local Website of the Enterprise
Figure 82: First Firewall Turned off
Figure 83: All the Policies Have Been Synced
Figure 84: Sales’ PC pinged 8.
Figure 85: HR’s PC pinged 8.
Figure 86: PCs used the Internet successfully
Figure 87: The PC in the head office site reached the PC in the branch site
Figure 88: The PC in the branch site reached the PC in the head office site
Figure 89: The server reached the PC in the branch site
Figure 90: The PC in the branch site reached the server
Figure 91: Dashboard of Employee’s Activities
Figure 92: Lockout and Change Password Activities
Figure 93: Logon Failures
Figure 94: Policies Change Record