[Preview] Enterprise network lab based on pfSense firewall

Vladyslav Diadenko
Sep 22, 2021

Enterprise network lab topology

The first time I used a firewall was in my diploma work. I implemented an enterprise network based on a Palo Alto firewall in the EVE-NG emulator, which was hosted on Google Cloud.

For the first time, Google gives free credits to use 8 vCPU and 32 GB RAM (the maximum for a free subscription). It was a really good experience to configure the cloud and the lab. But those resources were not enough for the smooth operation of network devices. The lab was lagging at the final stage of the configuration when I tried to use a few firewalls or Windows Server. The topology looked something like this:

Enterprise topology based on Palo Alto Firewall

After a while, I started preparing for the CCNA exam and buying new devices for home lab practice. At one point I got the idea to implement a lab with any firewall. I was looking for used and old firewalls such as Fortinet FortiGate, Cisco ASA, Palo Alto, etc. But all these firewalls require licenses that are senseless for home labs.

Recently I was looking for interesting projects and I found open source firewalls such as pfSense. Then I spent a few hours reading about installation and configuration and decided to add a pfSense firewall to my home lab.
Also, this topology can be used in any cybersecurity scenario, for example, pen-testing.

pfSense can be installed on a dedicated appliance, like a Protectli Vault or Netgate. But the most interesting thing is that pfSense can be installed on any computer hardware (NOT Raspberry Pi) or it can be a virtual machine.

For pfSense I will use the following hardware:

  1. ASUS H81M-K
  2. Intel Pentium G3260
  3. 8GB RAM
  4. HDD
  5. PCI Gigabit Ethernet Network Card
  6. Power supply
  7. USB flash drive with pfSense

The “public network” in my lab will be the subnet 192.168.0.0/24, which is configured on the ISP home router.

This lab configuration will cover the following topics:

  1. Concept of zones interface design and configuration
  2. NAT, Security Policy Rules
  3. DNAT, Security Policy Rules
  4. SNAT, DNAT with Global IP Pool
  5. Apps Control (filtering) in pfSense firewall
  6. The DHCP server in pfSense firewall
  7. Active Directory Integration
  8. DHCP Relay Agent
  9. Site-to-Site VPN
