pfSense – Unified Threat Management Home Lab Project

…on why pfSense makes a lot of Sense:

  • Go far beyond the consumer grade WiFi gateway that sits on the shelf, collects dust and runs outdated firmware. No worries, you can make use of it as an AP.
  • Have an old PC lying around? Turn it into a pfSense box; It’s the green way of thinking.
  • Amazing Features: Stateful Firewall, Hardware Failover, Multi-WAN, Load Balancing, VPN, Dynamic DNS, Captive Portal, DHCP Server etc.
  • Additional 3rd Party Packages: Squid Proxy, Snort IDS/IPS, pfBlocker and more…..
  • I highly recommend purchasing a copy of “pfSense – The Definitive Guide”. A great read, props to Chris Buechler and Jim Pingle.
  • Great user community and support to help you when you find yourself banging your fist or head against your desk.

For InfoSec folks it is an awesome project to not only protect the home network but reap the benefits of learning about firewalls, networking, intrusion detection and traffic analysis. I’ve used multi-port NICs and a couple of switches for LAN segmentation so I can test malware and various security tools without disrupting my home network and facing the wrath of my wife for bringing down her Facebook session. “Sorry Honey!”

My current LAB design:


  • pfSense box: Lenovo M58P (SFF), 1TB HDD, 8GB RAM. 3 x LAN ports
  • D-Link DIR-628 WiFi
  • MikroTik RB250GS switch
  • Netgear GS108T switch
  • Custom PC: Asus Maximus V Gene, Core I5, 16GB RAM, 4 x HDD, 3 x LAN port, Host OS = Windows 7 + Mixed Windows/Linux VMs

Additional software:

  • Syslog Watcher –  – Syslog parsing and reporting – Running on Windows 7 Host PC
    Replaced with Splunk. See my post
  • Snorby – – Snort NIPS monitoring and traffic analysis – Running on CentOS VM

Stay tuned for more…

pfSense snorby syslog_watcher