====== Logic Demo LAN ======

Demo equipment that needs internet access for external users or sources should be connected to the special //Demo LAN//. This LAN is available in the //Lab office// through a dedicated network switch.

The //Demo LAN// can only be accessed by attaching a laptop directly to the network switch, or with a VPN client with access to the //Demo LAN//. The VPN client can also be used from within the //LOGIC LAN// (to access the demos from a workplace).

**CAUTION:** Whoever has access to the //Demo LAN// can see all devices connected to it, including Logic PCs and laptops attached to the //Demo LAN//. Although access is restricted to a specific device, a user could theoretically install software or malware on that device and hack their way into the other systems attached to the //Demo LAN//.

====== Pre-Requisites ======

  - Static IP-address for the demo unit
  - Connection type to the demo unit (SSH, RDP)
  - Local user account for the demo unit
  - Remote User account for a VPN Client
  - VPN Client installation for the (remote) user

===== 1. Static IP-Address =====

The //Demo LAN// uses the fixed IP network 10.1.1.xx, with xx being a number from 10 to 99. Each device attached to the //Demo LAN// must have a unique address.

Check the list in **S:\Sales\Logic Demo LAN.xlsx** for available addresses.

The IPv4 parameters for the demo board are:
  * IP-address: 10.1.1.xx
  * Subnet mask: 255.255.255.0
  * Subnet prefix length: 24
  * Gateway: 10.1.1.1
  * DNS: 10.1.1.1

===== 2. Connection Type =====

Depending on the OS and the requirements for external access, the demo unit must be configured to support one of these connection types:
  * Linux systems: SSH over port 22
  * Windows systems: RDP over port 3389


===== 3. Local User Account =====

Define a local user to access the demo unit with sufficient rights to perform the tasks at hand.
If this must be an administrator or root, then make sure to create a new user with these rights in order to have a backup in case the system requires a hard reset.

===== 4. Remote User Account =====

This is a user name/password combination for the VPN client that will be configured in the Logic firewall. Together with the device IP-address it will grant access to the //Demo LAN//.

The user name should be a unique non-email name reflecting the device or use case, like: karo, tuxera, LDRA.
The password should be strong and in most cases will be generated during firewall configuration.
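
The rules from sections 1, 2 and 4 (address range 10.1.1.10-99, unique addresses, SSH on 22 or RDP on 3389, unique non-email VPN user names) can be checked automatically before a new demo unit is attached. The script below is an added example and not part of the original page; it assumes the address list has been exported to CSV, and the column names and sample rows are constructed for illustration.

```python
import csv
import io
import ipaddress

DEMO_NET = ipaddress.ip_network("10.1.1.0/24")
HOST_RANGE = range(10, 100)        # last octet 10-99, per section 1
PORTS = {"ssh": "22", "rdp": "3389"}  # allowed connection types, per section 2

# Constructed sample rows; the column names are assumptions, not the real sheet.
SAMPLE_CSV = """device,ip,connection,port,vpn_user
karo-board,10.1.1.10,SSH,22,karo
tuxera-pc,10.1.1.11,RDP,3389,tuxera
ldra-box,10.1.1.11,SSH,22,LDRA
old-demo,10.1.1.5,SSH,2222,demo@example.com
lab-pc,10.1.2.20,RDP,3389,karo
"""

def check_inventory(text):
    """Return a list of (device, problem) tuples for rows that break the rules."""
    problems, seen_ips, seen_users = [], {}, {}
    for row in csv.DictReader(io.StringIO(text)):
        dev = row["device"]
        try:
            ip = ipaddress.ip_address(row["ip"].strip())
        except ValueError:
            problems.append((dev, "invalid IP address"))
            continue
        if ip not in DEMO_NET or (int(ip) & 0xFF) not in HOST_RANGE:
            problems.append((dev, "IP outside 10.1.1.10-99"))
        elif ip in seen_ips:
            problems.append((dev, f"IP already used by {seen_ips[ip]}"))
        else:
            seen_ips[ip] = dev
        # Connection type must be SSH or RDP on its standard port.
        if PORTS.get(row["connection"].strip().lower()) != row["port"].strip():
            problems.append((dev, "connection type/port mismatch"))
        # VPN user names are compared case-insensitively (an assumption).
        user = row["vpn_user"].strip().lower()
        if "@" in user:
            problems.append((dev, "VPN user name looks like an email address"))
        elif user in seen_users:
            problems.append((dev, f"VPN user already used by {seen_users[user]}"))
        else:
            seen_users[user] = dev
    return problems

if __name__ == "__main__":
    for dev, problem in check_inventory(SAMPLE_CSV):
        print(f"{dev}: {problem}")
```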
  
===== 5. VPN Client =====

The FortiClient VPN software is a requirement to access the //Demo LAN//.

Open this webpage: https://www.fortinet.com/support/product-downloads and scroll down to the section **FortiClient VPN**.

Download the version for your OS and run the installer.

The //VPN Name// is: vpn.logic.nl

  - Create a new VPN connection in the FortiClient VPN:
    * Connection name: Demo Lan
    * Remote Gateway: vpn.logic.nl
  - Save.
  - Log in with the user name and password corresponding to the demo you are trying to reach. These are found in **S:\Sales\Logic Demo LAN.xlsx**.





====== Establish the connection ======

When the demo unit is configured and connected to the //Demo LAN// and the remote user is configured in the firewall, you can test the VPN connection to the demo unit.

===== 1. Connect to the Demo LAN =====

Start the //FortiClient VPN// and connect to the LAN. If this is successful, the FortiClient will show //VPN Connected//.

===== 2. Connect to the demo unit =====

When the VPN is connected, you can open an SSH or RDP channel to the demo unit from your local system, using its **IP-Address** as host name. Do not use the real host name; this will not work.

====== Terminate the connection ======

It is sufficient to //Disconnect// the FortiClient VPN relay. The local session will remain open for later use, unless the demo unit has a timeout set for a remote connection.


====== Instructions for external Users ======

Copy the text below into an email and fill in the blanks.

**Send the VPN client password and the target password in a separate email!**

===== Email Template =====

1. The FortiClient VPN software is a requirement to access the Demo network.

Open this webpage: https://www.fortinet.com/support/product-downloads  

Scroll down to the section FortiClient VPN. 

Download the version for your OS and run the installer.

2. Start the FortiClient VPN and connect to the LAN.

The VPN Name is: vpn.logic.nl

The VPN Username is: <fill in from the Excel sheet>

The VPN pw will be sent to you in a separate email.

If the login is successful, the FortiClient will show "VPN Connected".

3. Now you can connect to the target hardware with SSH or RDP, depending on the target OS.

The IP-address of the demo unit is: 10.1.1.<fill in from the Excel sheet>

The username is: <fill in from the Excel sheet>

The pw will be sent to you in a separate email. 

4. To terminate the connection, it is sufficient to Disconnect the FortiClient VPN. The local session will remain open for later use, unless the demo unit has a timeout set for a remote connection.