Click here to watch the full video on YouTube
Language: Italian
English subtitles available via YouTube captioning
This project demonstrates the installation and configuration of pfSense, a FreeBSD-based open-source firewall, used as a perimeter firewall to manage and secure segmented virtual networks with dedicated policies.
The entire infrastructure was built in a virtual lab environment using VMware Workstation, simulating a corporate network with three isolated departments: Management, Accounting, and Production. The project covers network segmentation, firewall rule creation, DHCP/DNS configuration, connectivity testing, real-time log analysis, and compliance considerations with the EU NIS2 Directive.
00:00 - Introduction to pfSense
05:36 - Network Topology Overview
09:10 - Virtual Network Setup in VMware
11:58 - Installing pfSense
15:33 - Initial pfSense CLI Configuration (LAN Management)
21:51 - pfSense GUI Setup (Web Configurator)
27:48 - Accounting & Production Interface Configuration
31:17 - DHCP Configuration for Accounting & Production Networks
37:11 - Connectivity Test
44:41 - Firewall Rules Review & Configuration
57:31 - pfSense Logs
01:05:33 - Final Thoughts & Conclusions
The simulated network consists of 3 LAN segments plus a WAN interface, each representing a functional department within a corporate environment. All traffic is routed and filtered through pfSense 2.7.2.
| Interface | Zone | Subnet | OS | Role |
|---|---|---|---|---|
| WAN | External | 192.168.1.0/24 | - | Internet access (Bridged) |
| LAN (em1) | Management | 192.168.110.0/24 | Ubuntu | Admin / WebConfigurator |
| OPT1 (em2) | Accounting | 10.10.20.0/24 | Kali Linux | Operational network |
| OPT2 (em3) | Production | 10.10.30.0/24 | Red Hat | Operational network |
Note:
- The Management zone is the only network with direct access to the pfSense WebConfigurator.
- Accounting and Production are isolated from each other but can both reach Management and the Internet.
- A dedicated firewall rule blocks Accounting and Production from accessing the Management gateway IP (192.168.110.1).
| Source | → Management | → Accounting | → Production | → Internet |
|---|---|---|---|---|
| Management | ✅ | ✅ | ✅ | ✅ |
| Accounting | ✅ | - | ❌ | ✅ |
| Production | ✅ | ❌ | - | ✅ |
Note: Both Accounting and Production are blocked from reaching the Management gateway (192.168.110.1) to protect the pfSense admin interface.
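The access matrix above can be checked against a small model of how pfSense evaluates rules: on the interface where traffic enters, first match wins, with a default deny at the end. This is an added example, not the project's own configuration. The subnets and the gateway IP come from the topology table; the rule order, the Management allow-all rule, and the sample host addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Subnets and gateway IP come from the topology table; the rule lists are assumed.
ZONES = {
    "Management": ipaddress.ip_network("192.168.110.0/24"),
    "Accounting": ipaddress.ip_network("10.10.20.0/24"),
    "Production": ipaddress.ip_network("10.10.30.0/24"),
}
MGMT_GW = ipaddress.ip_network("192.168.110.1/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    dst: ipaddress.IPv4Network
    invert: bool = False         # models pfSense "Invert match" on the destination

    def matches(self, dst_ip):
        return (dst_ip in self.dst) != self.invert

def segment_rules(peer_segment):
    """Assumed rule order for an operational interface (OPT1 or OPT2)."""
    return [
        Rule("block", MGMT_GW),                          # protect the admin interface
        Rule("pass", ZONES[peer_segment], invert=True),  # anything except the peer segment
    ]

RULESETS = {
    "Management": [Rule("pass", ANY)],                   # assumed allow-all on LAN
    "Accounting": segment_rules("Production"),
    "Production": segment_rules("Accounting"),
}

def allowed(src_zone, dst):
    """First matching rule on the ingress interface wins; no match is default deny."""
    dst_ip = ipaddress.ip_address(dst)
    for rule in RULESETS[src_zone]:
        if rule.matches(dst_ip):
            return rule.action == "pass"
    return False

if __name__ == "__main__":
    # Constructed sample hosts, one per destination column of the matrix.
    targets = {"mgmt host": "192.168.110.50", "mgmt gateway": "192.168.110.1",
               "production": "10.10.30.10", "internet": "1.1.1.1"}
    for zone in RULESETS:
        print(zone, {name: allowed(zone, ip) for name, ip in targets.items()})
```

In this model a segment's own gateway address (for example 10.10.20.1, assumed here to be the OPT1 interface address) still matches the invert-match pass rule, because only 192.168.110.1 is blocked. pfSense's built-in "This Firewall (self)" destination covers every interface address if the intent is to block the admin interface on all of them.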
Objectives:
- Install and configure pfSense 2.7.2 as a perimeter firewall on VMware Workstation
- Segment the network into three isolated LAN zones with dedicated policies
- Configure DHCP, DNS, and static IP addressing for each segment
- Create custom firewall rules implementing the principle of least privilege
- Perform connectivity tests and validate rules using real-time firewall logs
- Discuss firewall compliance with the EU NIS2 Directive and ACN guidelines
- Analyze real-world pfSense exposure using Shodan

Key features:
- Stateful Firewall with per-interface rule management
- DHCP Server with custom address pools per network segment
- DNS Resolver acting as local DNS for internal name resolution
- Invert Match rules for efficient traffic filtering
- Anti-Lockout Rule for secure admin access
- Real-time log analysis (Normal, Dynamic, and Summary views)
- NIS2 Directive compliance analysis for firewall usage in critical sectors

Technologies used:
- pfSense 2.7.2 (FreeBSD-based open-source firewall)
- VMware Workstation (virtualization platform)
- Ubuntu (Management client)
- Kali Linux (Accounting client)
- Red Hat Enterprise Linux (Production client)

This project is released under the MIT License.
Free to use for educational and research purposes. Please credit the author where applicable.
Created by Alberto Cirillo — 2025

