=================================================
Configuring Firewall Interfaces with pfSense
=================================================

Project Overview
================

This project demonstrates the process of planning, configuring, and validating a firewall deployment using pfSense. The lab focuses on configuring core firewall interfaces, implementing a DMZ network segment, verifying connectivity, and enabling secure administrative services.

The goal of this project was to simulate a real-world firewall deployment and gain hands-on experience with firewall configuration, network segmentation, DNS configuration, and secure remote administration.

Learning Objectives
===================

The objectives of this lab included:

* Planning the physical configuration of a firewall
* Configuring WAN and LAN interfaces in pfSense
* Implementing a DMZ network segment
* Verifying connectivity using ICMP testing
* Configuring Split DNS using Host Overrides
* Enabling and testing SSH access for secure firewall management

Technologies Used
=================

* pfSense Firewall
* Virtual networking environment
* ICMP connectivity testing (ping)
* DNS Resolver / Host Overrides
* Secure Shell (SSH)

Firewall Network Design
=======================

The firewall was configured with three primary network interfaces to simulate a common enterprise network architecture.

WAN
    The external interface connected to the upstream network or internet.

LAN
    The trusted internal network used by internal systems and users.

DMZ
    A segmented network designed to host publicly accessible services while protecting the internal LAN from direct exposure.

This type of network segmentation is widely used in enterprise environments to improve security by isolating external-facing systems from internal resources.

Implementation
==============

Planning the Firewall Configuration
-----------------------------------

The first stage of the lab involved planning the physical configuration of the firewall interfaces. This included defining the network addressing for the WAN, LAN, and DMZ interfaces and determining how each interface would connect to the network environment.

Proper planning ensures that firewall interfaces are correctly assigned and that each network segment operates within its intended security boundary.

Configuring Firewall Interfaces
-------------------------------

After planning the configuration, the WAN and LAN interfaces were configured through the pfSense WebGUI. Each interface was assigned an IP address and enabled to allow communication with its respective network.

The configuration ensured that internal systems on the LAN could communicate with the firewall and that the firewall could communicate with the upstream network through the WAN interface.

Verification of Connectivity
----------------------------

Connectivity tests were performed to verify that the firewall was functioning correctly and that routing between networks was working as expected.

Verification included testing ICMP requests to the upstream gateway and to the WAN interface. Successful responses confirmed that the firewall interfaces were correctly configured and operational.

DMZ Configuration
=================

A DMZ (Demilitarized Zone) interface was added to the firewall configuration to simulate hosting publicly accessible services in a segmented network.

The DMZ network provides an additional security layer by separating public services from the internal LAN. If a system within the DMZ were compromised, the segmentation would help prevent attackers from directly accessing internal network resources.

After configuring the DMZ interface, connectivity testing confirmed that systems could reach services hosted within the DMZ environment.

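The isolation described in the DMZ section depends on rule order on the DMZ interface. The following is an added example, not part of the original lab or of pfSense itself: it models first-match evaluation on the interface where a connection arrives, with unmatched traffic blocked. The subnets, rule set, and function names are assumptions, and source address and protocol matching are left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed lab addressing (assumption): the write-up does not list its subnets.
NETS = {"LAN": ip_network("192.168.1.0/24"), "DMZ": ip_network("172.16.1.0/24")}

@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    iface: str                   # interface the new connection arrives on
    dst: str                     # "any" or a key of NETS
    port: Optional[int] = None   # None matches every destination port

def matches(rule, iface, dst_ip, port):
    if rule.iface != iface:
        return False
    if rule.dst != "any" and ip_address(dst_ip) not in NETS[rule.dst]:
        return False
    return rule.port is None or rule.port == port

def evaluate(rules, iface, dst_ip, port):
    """Return the first matching rule's action; unmatched traffic is blocked."""
    for rule in rules:
        if matches(rule, iface, dst_ip, port):
            return rule.action
    return "block"

# Hardened order: the DMZ-to-LAN block sits above the broad DMZ pass rule.
HARDENED = [
    Rule("pass", "WAN", "DMZ", 443),   # published HTTPS service in the DMZ
    Rule("block", "DMZ", "LAN"),       # DMZ hosts may not open sessions to the LAN
    Rule("pass", "DMZ", "any"),        # DMZ hosts may reach upstream networks
    Rule("pass", "LAN", "any"),        # LAN may reach the DMZ and upstream
]
# Weak order: the same rules, but the broad pass now shadows the block.
WEAK = [HARDENED[0], HARDENED[2], HARDENED[1], HARDENED[3]]

def dmz_can_reach_lan(rules, lan_host="192.168.1.10", port=445):
    """True if a DMZ host could open a connection to the given LAN host."""
    return evaluate(rules, "DMZ", lan_host, port) == "pass"

if __name__ == "__main__":
    for name, rules in (("hardened", HARDENED), ("weak", WEAK)):
        print(f"{name}: DMZ -> LAN allowed = {dmz_can_reach_lan(rules)}")
```

Running the same check against an exported rule list after every change catches a broad pass rule that has been moved above the block.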
Split DNS Configuration
=======================

Split DNS was implemented using the pfSense DNS Resolver by creating Host Override entries. This configuration allows internal systems to resolve specific domain names to internal IP addresses instead of public DNS records.

This technique is commonly used in enterprise environments to allow internal users to access internal resources using the same domain names that external users may use, while directing them to different IP addresses internally.

Secure Remote Management (SSH)
==============================

Secure Shell (SSH) access was enabled on the pfSense firewall to allow secure remote administration from the command line.

SSH provides encrypted communication between the administrator and the firewall, making it a secure method for managing systems remotely. After enabling SSH, a connection test confirmed successful authentication and access to the firewall.

Skills Demonstrated
===================

This project demonstrates several fundamental networking and cybersecurity skills, including:

* Firewall configuration and deployment
* Network segmentation using a DMZ
* Network troubleshooting and connectivity testing
* DNS configuration and split DNS implementation
* Secure administrative access using SSH
* Working with enterprise firewall management interfaces

These skills are foundational for careers in network security, cybersecurity operations, and system administration.

Reflection
==========

This lab provided hands-on experience configuring a firewall environment similar to what is used in enterprise networks. Implementing network segmentation and verifying connectivity reinforced key security principles such as defense in depth and controlled network access.

Working with pfSense also provided practical experience using a widely deployed open-source firewall platform, strengthening understanding of how firewall systems are configured, managed, and tested in real-world environments.

Lab File
==========

.. raw:: html
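A check for the Split DNS Configuration section above, as an added example that is not part of the original lab: it compares what the firewall's resolver returns with what a public resolver returns for each Host Override and reports the ways a split-DNS setup can go wrong. All host names, addresses, subnets, and function names are constructed assumptions; in practice the two views would be collected by querying each resolver.

```python
from ipaddress import ip_address, ip_network

# Constructed lab networks (assumption): the write-up does not list its subnets.
INTERNAL_NETS = [ip_network("192.168.1.0/24"), ip_network("172.16.1.0/24")]

def is_internal(addr):
    return any(ip_address(addr) in net for net in INTERNAL_NETS)

def audit_split_dns(overrides, internal_view, public_view):
    """Compare both DNS views for every Host Override and return findings.

    overrides:     {fqdn: address configured in the Host Override}
    internal_view: {fqdn: address a LAN client actually received}
    public_view:   {fqdn: address from a public resolver, or None if absent}
    """
    findings = []
    for name, expected in sorted(overrides.items()):
        inside, outside = internal_view.get(name), public_view.get(name)
        if not is_internal(expected):
            findings.append((name, "override points outside the internal networks"))
        if inside != expected:
            # Typical cause: the client is not using the firewall as its resolver.
            findings.append((name, "internal clients do not receive the override"))
        if outside is not None and is_internal(outside):
            findings.append((name, "public DNS exposes an internal address"))
    return findings

# Constructed sample data: documentation domain and address ranges only.
OVERRIDES = {
    "www.example.com": "172.16.1.20",
    "mail.example.com": "172.16.1.25",
    "intranet.example.com": "192.168.1.5",
}
INTERNAL_VIEW = {
    "www.example.com": "172.16.1.20",
    "mail.example.com": "203.0.113.25",      # override bypassed
    "intranet.example.com": "192.168.1.5",
}
PUBLIC_VIEW = {
    "www.example.com": "203.0.113.20",
    "mail.example.com": "203.0.113.25",
    "intranet.example.com": "192.168.1.5",   # internal address leaked publicly
}

if __name__ == "__main__":
    for name, problem in audit_split_dns(OVERRIDES, INTERNAL_VIEW, PUBLIC_VIEW):
        print(f"{name}: {problem}")
```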