Installation of Hardware-Based Firewall

04-09-2021

Introduction

This project was inspired by my Cyber Security degree, where I explored securing networks and infrastructure against cyber threats. While a home network differs from an enterprise setup, this initiative aimed to establish a foundational understanding of implementing network security measures.

To achieve this, I used Proxmox VE to virtualize my pfSense hardware router/firewall, consolidating services and applications onto a single machine. This approach reduced floor space requirements and electricity consumption compared to running multiple dedicated machines.

Setting Up the Firewall

Hardware and Virtualization

I built a second home server dedicated to acting as a hardware firewall. Once the system was assembled, I installed Proxmox VE and deployed pfSense.

To ensure pfSense functioned effectively as a firewall, I configured Proxmox to recognize both network adapters (LAN and WAN). These adapters were essential for managing internet traffic flow:

  • WAN: Handled traffic from the ISP.
  • LAN: Managed connections within the local network.

Configuration Process

  1. Linux Bridge Setup:
    I created a Linux bridge within Proxmox, linking the virtual machine to the physical network adapters.
    Linux Bridge Configuration

  2. pfSense Deployment:
    I started the pfSense virtual machine and accessed its web dashboard for configuration.
    pfSense Installation

Enhancing Security with Plugins

  • Snort:
    Installed as an Intrusion Detection/Prevention System (IDS/IPS), Snort monitors traffic for malicious activity. I configured rules to enhance its ability to detect and respond to security threats.
    Snort Dashboard

  • OpenVPN:
    Set up to establish a Virtual Private Network (VPN), enabling secure remote access to the network and virtual machines.

Testing and Validation

To test the setup, I simulated malicious network traffic. Snort effectively detected and flagged these threats, demonstrating its capability to identify and respond to security incidents.

Key Outcomes

This project combined theoretical knowledge from my degree with practical application, yielding several key takeaways:

  1. Optimized Resource Utilization:
    Virtualizing the pfSense hardware router/firewall on Proxmox streamlined resource usage while maintaining efficiency.

  2. Strengthened Network Security:
    The deployment of Snort and OpenVPN added robust security measures to my home network.

  3. Effective Threat Detection:
    Snort's configured rules proved capable of swiftly identifying and mitigating potential threats.

Conclusion

By deploying a virtualized pfSense firewall, this project showcased the integration of modern tools to enhance home network security. Leveraging Proxmox VE enabled efficient resource management, while the addition of Snort and OpenVPN fortified defenses against potential threats. The success of this initiative highlights the importance of proactive cybersecurity practices, even in home environments.

Future improvements could include hardware upgrades or exploring additional plugins to further enhance the platform’s capabilities.

Sources:

  1. Snort
  2. pfSense
  3. Proxmox VE Overview
  4. pfSense Virtualization Guide
  5. OpenVPN