Welcome to the third installment of my comprehensive tutorial series on setting up a Virtual Home Lab tailored for Blue Team Security. This tutorial will focus exclusively on pfSense. If you haven’t had a chance to go through the previous segment, which delves into the intricacies of network topology design, I highly recommend reviewing it for a complete understanding. You can access the prior section by clicking here.
Introduction
Our initial virtual machine deployment in this home lab will focus on setting up the firewall. I’ve chosen pfSense as the firewall for this setup. pfSense is an open-source firewall that offers robust security features, extensive customization options, and a user-friendly interface for optimal network protection. These are the virtual machine specifications I will use for the firewall:
- CPU: 1 Processor
- Memory: 2 GB
- Hard Disk: 20 GB
- Network Adapters: 7x
  - NAT
  - VLAN2
  - VLAN3
  - VLAN4
  - VLAN5
  - VLAN6
  - VLAN99
The number of network interface cards we require is dictated by the variety of specific networks in our lab setting. As outlined in our earlier blog post on network topology, we have designated networks for malicious traffic, Security Onion 2, Splunk, the Corporate LAN, the Isolated LAN, and the span port. The seventh network interface card is designated for NAT, enabling external internet communication via my desktop. This interface is intended to facilitate outbound traffic to the actual internet for devices within the security network.
Below is an image capturing the settings I implemented:
Setup pfSense within VMware
This section of the blog post will outline the steps to set up the pfSense virtual machine within VMware.
Download the pfSense ISO file from here
In the top-left corner of the VMware Workstation window, click File -> New Virtual Machine
A window should appear similar to the one pictured below. Make sure that the Typical (recommended) option is selected and click Next
Click Browse and navigate to the pfSense ISO file that you downloaded in the previous step.
Click Next
Feel free to name the virtual machine as you like; I’ll be calling mine pfSense
Click Next
The default maximum disk size of 20 GB should be sufficient for this virtual machine.
Make sure that the Split virtual disk into multiple files option is selected.
Click Next
Click Customize Hardware…
While in the Customize Hardware window you should:
- Increase the memory to 2GB
- Attach 6 additional Network Adapters (7 in total, counting the NAT adapter) and align them with the VMnet interfaces as demonstrated below.
Click Close and you should be brought back to the previous window again.
Click Finish
The pfSense virtual machine will initiate automatically.
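A way to confirm the adapter layout from the VM's .vmx file before assigning interfaces, as an added example that is not part of the original post: it checks for one NAT adapter plus six custom adapters on distinct VMnets, all on a virtual device that pfSense names em*. The VMnet names in the sample and the placement of the NAT adapter at ethernet0 are assumptions; match them to your Virtual Network Editor.

```python
import re

# Matches .vmx lines such as: ethernet1.vnet = "VMnet2"
NIC_LINE = re.compile(r'^\s*ethernet(\d+)\.(\w+)\s*=\s*"(.*)"\s*$')

def parse_adapters(vmx_text):
    """Return {index: {key: value}} for every adapter marked present."""
    nics = {}
    for line in vmx_text.splitlines():
        m = NIC_LINE.match(line)
        if m:
            nics.setdefault(int(m.group(1)), {})[m.group(2).lower()] = m.group(3)
    return {i: a for i, a in sorted(nics.items())
            if a.get("present", "").upper() == "TRUE"}

def check_layout(vmx_text, expected=7):
    """List deviations from the layout: 1 NAT adapter plus 6 distinct VMnets."""
    nics, issues, seen = parse_adapters(vmx_text), [], {}
    if len(nics) != expected:
        issues.append(f"expected {expected} adapters, found {len(nics)}")
    for i, a in nics.items():
        ctype = a.get("connectiontype", "(unset)").lower()
        vnet = a.get("vnet", "").lower()
        if i == 0:  # assumption: the NAT adapter is ethernet0
            if ctype != "nat":
                issues.append(f"ethernet0 is {ctype}, expected nat")
        elif ctype != "custom" or not vnet:
            issues.append(f"ethernet{i} is {ctype}, expected custom with a vnet")
        elif vnet in seen:  # two lab segments bridged onto one VMnet
            issues.append(f"ethernet{i} shares {vnet} with ethernet{seen[vnet]}")
        else:
            seen[vnet] = i
        dev = a.get("virtualdev")  # only judged when the .vmx states it
        if dev and dev.lower() not in ("e1000", "e1000e"):
            issues.append(f"ethernet{i} uses {dev}, which will not appear as em*")
    return issues

def sample_vmx(vnets):
    """Build a constructed .vmx excerpt; the VMnet names are assumptions."""
    rows = ['ethernet0.present = "TRUE"', 'ethernet0.connectionType = "nat"',
            'ethernet0.virtualDev = "e1000"']
    for i, v in enumerate(vnets, start=1):
        rows += [f'ethernet{i}.present = "TRUE"',
                 f'ethernet{i}.connectionType = "custom"',
                 f'ethernet{i}.vnet = "{v}"', f'ethernet{i}.virtualDev = "e1000"']
    return "\n".join(rows)

if __name__ == "__main__":
    good = sample_vmx([f"VMnet{n}" for n in range(2, 8)])
    print(check_layout(good) or "layout OK")
    print(check_layout(good.replace('"VMnet3"', '"VMnet2"')))
```

To check a real VM, pass the contents of its .vmx file to `check_layout` instead of the constructed sample.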
Installation of pfSense
This part of the blog will elaborate on how to install pfSense.
It’s advisable to generate several snapshots when using a virtual machine, so you can easily revert to prior states if required.
This can be completed within VMware Workstation by going to the top left of the window and selecting VM -> Snapshot -> Take Snapshot…
The following outlines the steps I followed to install pfSense on a VMware virtual machine.
Select Accept to agree to the terms
Select Install
Select Auto (UFS)
Select Entire Disk
Select MBR | DOS Partitions
Select Finish
Select Commit
Permit the pfSense installer to deploy the software packages. The process should be quick, typically finishing in less than a minute.
Select Reboot
Configuration of pfSense
This section of the blog will focus on the initial configuration of pfSense to enable the firewall to fully operate with all network adapters we configured earlier.
Before diving into the configuration, I recommend taking another VMware snapshot. This creates a save point you can revert to, situated between the installation and configuration stages.
As soon as the pfSense CLI surfaces following the reboot, your initial task is to assign the interfaces. Accomplish this by selecting Option 1.
Enter n when it asks whether VLANs should be set up now.
For each subsequent question that comes up, input em0, em1, em2, em3, em4, em5, and em6 in that order.
Enter y when it asks if you want to proceed.
The next task is to set the interfaces’ IP addresses. This is done by selecting Option 2.
The first interface to be configured is the LAN (2).
Use the configuration below for the LAN Interface:
Use the configuration below for the OPT1 Interface:
Use the configuration below for the OPT2 Interface:
The OPT3 Interface won’t receive an IP address as it’s designated to serve as the span port, monitored by Security Onion 2 for traffic analysis.
Use the configuration below for the OPT4 Interface:
Use the configuration below for the OPT5 Interface:
After completing the configurations, this is how the initial setup screen should now appear.
Now that the configuration is complete, I recommend taking another VMware snapshot. This will give you a save point you can revert to, capturing the system’s state post-configuration.
Conclusion
This concludes the blog post on pfSense setup, where we covered setting up the virtual machine, installing pfSense, and configuring its initial firewall settings. Subsequent configurations will be addressed through the WebConfigurator in a future blog post. The upcoming article will focus on Security Onion 2’s Network Security Monitoring (NSM) platform, security monitoring, and log management capabilities.
Should you face any difficulties or have queries regarding the setup of the pfSense virtual machine, feel free to leave a comment. I’m available to help!