Designing a Secure Network Topology

Overview

This lab focused on designing, implementing, and validating a secure network topology using pfSense. The objective was to build both simple and complex network environments, analyze connectivity, and apply security concepts such as VLAN segmentation and DMZ implementation.

Objectives

  • Configure a basic network topology with multiple hosts

  • Verify connectivity using ICMP (ping)

  • Capture and analyze traffic using Wireshark

  • Implement VLANs for network segmentation

  • Configure pfSense interfaces and routing

  • Design and validate a DMZ for external-facing services

Technologies Used

  • pfSense firewall/router

  • Wireshark (packet analysis)

  • Virtual machines (PCs and workstation)

  • VLAN-enabled switches

  • ICMP for connectivity testing

Key Activities

Simple Topology Design

A basic network topology was created with multiple hosts. Connectivity was verified through successful and failed ping tests to understand network reachability and filtering.

Traffic Analysis

Wireshark was used to capture ICMP traffic between hosts. This provided insight into packet flow, request/response behavior, and failed communication attempts.

Complex Topology with VLANs

The network was expanded using VLANs to segment traffic across multiple interfaces. pfSense was configured with VLAN IP assignments, and switch interfaces were tagged appropriately to maintain isolation between network segments.

DMZ Implementation

A DMZ (Demilitarized Zone) was introduced to host externally accessible resources. Firewall rules were configured on the WAN interface to control inbound traffic while protecting the internal network.
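The segmentation policy described above can be checked on paper before any ping test is run. The following is an added example, not part of the original lab files: it models first-match, default-deny rule evaluation on the interface where a packet arrives, and compares the result with an expected reachability matrix. All subnets, addresses, the exposed port and the rule set are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    iface: str            # interface the packet arrives on
    action: str           # "pass" or "block"
    proto: str            # "tcp", "icmp" or "any"
    src: str              # source CIDR
    dst: str              # destination CIDR
    port: Optional[int]   # destination port, None = any

# Constructed addressing plan (assumption, not taken from the lab).
LAN, DMZ, ANY, WEB = "10.0.10.0/24", "10.0.30.0/24", "0.0.0.0/0", "10.0.30.10/32"

RULES = [
    Rule("wan", "pass",  "tcp", ANY, WEB, 443),   # the only exposed service
    Rule("dmz", "block", "any", DMZ, LAN, None),  # DMZ must never initiate to LAN
    Rule("dmz", "pass",  "any", DMZ, ANY, None),  # DMZ outbound otherwise
    Rule("lan", "pass",  "any", LAN, ANY, None),  # LAN may reach DMZ and internet
]

def decide(rules, iface, proto, src, dst, port=None):
    """First matching rule on the ingress interface wins; no match means block."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r.iface == iface
                and r.proto in ("any", proto)
                and s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "block"

# Expected matrix: (ingress iface, proto, src, dst, port, expected verdict).
EXPECTED = [
    ("wan", "tcp",  "203.0.113.5", "10.0.30.10", 443,  "pass"),
    ("wan", "tcp",  "203.0.113.5", "10.0.30.10", 22,   "block"),
    ("wan", "icmp", "203.0.113.5", "10.0.10.20", None, "block"),
    ("dmz", "icmp", "10.0.30.10",  "10.0.10.20", None, "block"),
    ("lan", "icmp", "10.0.10.20",  "10.0.30.10", None, "pass"),
]

def violations(rules, expected=EXPECTED):
    """Return every flow whose modelled verdict differs from the expected one."""
    return [row for row in expected if decide(rules, *row[:5]) != row[5]]

if __name__ == "__main__":
    print(violations(RULES) or "rule set matches the expected matrix")
```

Moving the DMZ pass rule above the DMZ block rule makes `violations` report the DMZ-to-LAN ping, which is the rule-ordering mistake a failed or unexpectedly successful ping would reveal. Return traffic for permitted flows is assumed to be handled by state tracking and is not modelled.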

Results

  • Successful connectivity between permitted hosts

  • Identification of blocked traffic through failed ping attempts

  • Verified VLAN segmentation and routing functionality

  • Confirmed secure access to DMZ resources via controlled firewall rules

Key Takeaways

  • Network segmentation improves security and traffic management

  • Packet capture tools are essential for troubleshooting and validation

  • Proper firewall configuration is critical for controlling access

  • DMZs provide a secure method for exposing services without compromising internal systems

Conclusion

This lab demonstrated the importance of structured network design and layered security. By combining routing, segmentation, and firewall rules, a secure and functional network environment was successfully implemented and validated.

Summary

Lab File