Restructure networking section (#375)

* restructure networking section * remove f5 admin portal references as its palo * folder restructure * Remove list and keep to generic slack channel * add bash references * replace images to correct * fix links * fix links --------- Co-authored-by: Thomas Thornton <>
hmcts · Jan 8, 2025 · 505ad04 · 505ad04
1 parent 9859000
commit 505ad04
Show file tree

Hide file tree

Showing 20 changed files with 320 additions and 257 deletions.
diff --git a/source/monitoring/dynatrace-private-locations.html.md.erb b/source/monitoring/dynatrace-private-locations.html.md.erb
@@ -54,7 +54,7 @@ Here is an [example pr](https://github.com/hmcts/azure-private-dns/pull/800).
 
 If the DNS is resolving but you're getting a timeout error when running an on-demand execution, the issue could be firewall related.
 
-Connect to the appropriate [Palo Alto](../network/connecting-palos.html) and check the Palo Alto [monitor](../network/palos-troubleshooting.html).
+Connect to the appropriate [Palo Alto](../network/palo-alto/connecting-palos.html) and check the Palo Alto [monitor](../network/palo-alto/palos-troubleshooting.html).
 
 If the traffic is showing as denied, then you will need to ensure the traffic is allowed by ensuring the two networks are in the correct zone and there is a rule to allow the traffic.
 

diff --git a/source/network/F5-GeoIP.html.md.erb b/source/network/F5-GeoIP.html.md.erb
diff --git a/source/network/accounts.html.md.erb b/source/network/accounts.html.md.erb
diff --git a/...ce/network/MyCloudGateway_ops.html.md.erb → ...oudgateway/MyCloudGateway_ops.html.md.erb b/...ce/network/MyCloudGateway_ops.html.md.erb → ...oudgateway/MyCloudGateway_ops.html.md.erb
@@ -1,38 +1,38 @@
 ---
-title: MyCloudGateway - Operations Guide
-weight: 100
+title: Operations Guide
+weight: 10
 last_reviewed_on: 2024-05-16
 review_in: 6 months
 ---
 # <%= current_page.data.title %>
 
-The My Cloud Gateway service provides wide area networking between MoJ office, data centres and public cloud providers. 
+Cloud Gateway service provides wide area networking between MoJ office, data centres and public cloud providers. 
 
 ## Portal
-Once you have a login and have registered your mobile phone, connect to the portal via https://my.cloudgateway.co.uk/login and enter the OTP code you have just been sent.
+Once you have a login and have registered your mobile phone, connect to the portal via [https://my.cloudgateway.co.uk/login](https://my.cloudgateway.co.uk/login) and enter the OTP code you have just been sent.
 
 
 ## Firewall Rules
-https://my.cloudgateway.co.uk/protect
-
 Select the Protect tab to see the existing firewall rule. New rules and modifications are managed via service requests.
 
+[https://my.cloudgateway.co.uk/protect](https://my.cloudgateway.co.uk/protect)
+
 ## Routing 
 My Cloud Gateway manage all routes, any routes created in Azure Virtual WAN, will have to be imported by My Cloud Gateway, via a service request.
 
 ## NAT
 Network address transition is used to minimise IP routing complexity from Azure.  VIP address on MyCloudGateway enable Azure to reach MoJ offices, without knowing the full routing table.
 
 ## Monitoring
-https://my.cloudgateway.co.uk/inspect/traffic-logs
-
 The Inspect tab can be used to gain access to the live traffic logs.  Important to use filters, such as source or destination IP, as the logs are very busy.
 Export logs to CSV, is more reliable than the live logs feature. Plus the file can be emailed to 3rd parties, enabling team work, on problem solving.
 
+[https://my.cloudgateway.co.uk/inspect/traffic-logs](https://my.cloudgateway.co.uk/inspect/traffic-logs)
 
 ## Service Requests
-https://my.cloudgateway.co.uk/support/service-requests
-
 When something has stopped working, an incident needs to be logged. To add or modify My Cloud Gateway, log a service request.
 
-Service requests are chargable, so consider creating a single large request, if you need multiple tasks completing.
+Service requests are chargable, so consider creating a single large request, if you need multiple tasks completing.
+
+[https://my.cloudgateway.co.uk/support/service-requests](https://my.cloudgateway.co.uk/support/service-requests)
+
diff --git a/source/network/cloudgateway/index.html.md.erb b/source/network/cloudgateway/index.html.md.erb
@@ -0,0 +1,13 @@
+---
+title: CloudGateway
+last_reviewed_on: 2024-01-26
+review_in: 12 months
+weight: 70
+---
+
+### Admin / Access
+- [Admin Portal](https://my.cloudgateway.co.uk/login)
+
+### Guides
+- [Information](https://my.cloudgateway.co.uk/)
+- [Using MyCloudGateway](MyCloudGateway_ops.html)
diff --git a/source/network/connecting-palos.html.md.erb b/source/network/connecting-palos.html.md.erb
diff --git a/source/network/f5/F5-GeoIP.html.md.erb b/source/network/f5/F5-GeoIP.html.md.erb
@@ -0,0 +1,72 @@
+---
+title: Update GeoIP
+last_reviewed_on: 2024-12-12
+review_in: 6 months
+weight: 10
+---
+
+# <%= current_page.data.title %>
+
+## IP Geolocation Database
+
+Used to control access to the VPN based on the physical location of the user connection. The database is updated monthly and doesn't interrupt service.
+
+[F5 GeoIP Guide](https://my.f5.com/manage/s/article/K11176)
+
+## Prerequisites
+
+1. SSH access to the F5 device, via bash. (Beware the Azure NSG rules)
+2. Access to [my.f5.com](https://my.f5.com) and "HM Courts & Tribunals Service" account to download the latest GeoIP database.
+3. SFTP client to upload the database to the F5 device.
+
+
+## Instructions
+These steps can be performed during working hours as they do not interrupt service.
+
+### Pre-Update
+1. Confirm your F5 VPN is not active before proceeding
+2. Log into the F5 Web Admin portal using a web browser and note the current version BIG-IP
+3. Confirm your admin user account has access to the F5 device via SSH and if any IP access restrictions are in place
+4. Log into the [MyF5](https://my.f5.com) portal and download the latest GeoIP database
+- Goto Resources > Downloads
+- Set `GROUP` as `BIG-IP`
+- Set Product Line and Product Version as per your F5 device
+- Set `GEOLOCATIONUPDATES_Edge`
+- Download the latest GeoIP database zip file and md5 file
+
+### Update GeoIP database
+The following steps are to be in the `*shared*` directory, which is different from the `*/usr/share*` directory, which contains the default GeoIP database files.
+
+1. Use a SFTP client to upload the GeoIP database zip file to the F5 device
+2. Place the GeoIP database zip and md5 files in the */shared/tmp* directory
+
+- Connect to the F5 device via SSH and run the following commands:
+
+```bash
+mkdir /shared/GeoIP_backup
+
+cp -R /GeoIP/* /GeoIP_backup/
+
+cd /shared/tmp
+
+md5sum -c <ip-geolocationfile>.zip.md5
+
+unzip <ip-geolocationfile>.zip
+
+```
+
+
+- This step will overwrite the update GeoIP database files, repeat for each rpm file in the zip archive
+
+```bash
+geoip_update_data -f </path/to/rpm>
+
+geoip_lookup -f <path/to/db/files> <IP address>
+```
+
+- Remove the now redundant zip, rpm and md5 files from temp directory
+
+```bash
+rm -i </path/to/file>
+
+```
diff --git a/source/network/F5AdminPortal.html.md.erb → source/network/f5/F5AdminPortal.html.md.erb b/source/network/F5AdminPortal.html.md.erb → source/network/f5/F5AdminPortal.html.md.erb
@@ -1,5 +1,5 @@
 ---
-title: Palo Alto Admin Portal
+title: Admin Portal
 last_reviewed_on: 2024-09-20
 review_in: 6 months
 weight: 10