Firewall

The firewall is a simple computer with pfSense installed on it.

pfSense is FreeBSD-based software that is often used to power firewalls. This means that there are some hardware requirements involved:

⚠️ Warning!

  • the device must be powered by an AMD64 CPU (because ARM CPUs are not widely supported) and its network interfaces mustn't use Realtek chipsets (Intel chipsets are recommended because of compatibility issues).
  • we need at least three network interfaces (WAN, LAN and OPT1).

In our case, the hardware doesn't matter because pfSense is installed on a VM.

Description

The firewall has several uses in this architecture:

Network interfaces

LAN (Local Area Network) & OPT1

The LAN and OPT1 interfaces are connected to our internal private networks. They are responsible for the communication between devices on those private networks.

WAN (Wide Area Network)

The WAN interface is connected to the internet. It receives a public IP address from the ISP (Internet Service Provider). On our VM, we configured this interface in NAT mode so that it receives an IP address from the host, which avoids problems with the network configuration at YNOV.

DMZ (Demilitarized Zone)

The DMZ interface is used to host services reachable from the internet, isolating them from the local network (LAN) for security purposes.

Filtering Rules

LAN

lan-rules.png

OPT1

opt1-rules.png

WAN

wan-rules.png

DMZ

dmz-rules.png
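
One way to check the DMZ-to-LAN isolation described above against an exported pfSense configuration (an added example, not part of the original documentation). The XML sample is constructed and is not this lab's real rule set; it assumes the DMZ interface carries the description "DMZ" (internally opt2 here), and floating rules and host or alias destinations are not evaluated.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of a pfSense config.xml export (not this lab's real rules).
SAMPLE = """<pfsense>
  <interfaces>
    <wan><descr>WAN</descr></wan>
    <lan><descr>LAN</descr></lan>
    <opt1><descr>OPT1</descr></opt1>
    <opt2><descr>DMZ</descr></opt2>
  </interfaces>
  <filter>
    <rule><type>pass</type><interface>opt2</interface><protocol>tcp</protocol>
      <source><network>opt2</network></source>
      <destination><network>lan</network><port>445</port></destination>
      <descr>DMZ to file server</descr></rule>
    <rule><type>block</type><interface>opt2</interface>
      <source><any/></source><destination><network>lan</network></destination>
      <descr>Isolate LAN from DMZ</descr></rule>
    <rule><type>pass</type><interface>opt2</interface>
      <source><network>opt2</network></source><destination><any/></destination>
      <descr>DMZ to internet</descr></rule>
    <rule><type>pass</type><interface>opt2</interface><disabled/>
      <source><any/></source><destination><network>lan</network></destination>
      <descr>old test rule</descr></rule>
  </filter>
</pfsense>"""

def covers(dest, net):
    """True if a rule's <destination> can match hosts in the `net` interface network."""
    hit = dest.find("any") is not None or dest.findtext("network") == net
    return hit != (dest.find("not") is not None)   # <not/> inverts the match

def dmz_to_lan_findings(xml_text, dmz_descr="DMZ", lan="lan"):
    """Descriptions of enabled DMZ pass rules that can reach LAN before any blanket block."""
    root = ET.fromstring(xml_text)
    dmz = next(i.tag for i in root.find("interfaces") if i.findtext("descr") == dmz_descr)
    findings, shielded = [], False
    for r in root.iterfind("filter/rule"):          # evaluated top-down, first match wins
        if r.findtext("interface") != dmz or r.find("disabled") is not None:
            continue
        dest, kind = r.find("destination"), r.findtext("type", "pass")
        if dest is None or not covers(dest, lan):
            continue
        if kind == "pass" and not shielded:
            findings.append(r.findtext("descr", "(no description)"))
        elif kind in ("block", "reject") and r.find("protocol") is None \
                and r.find("source/any") is not None and dest.find("port") is None:
            shielded = True                          # blanket block: later rules cannot reach LAN
    return findings
```

On the constructed sample, the only finding is the pass rule placed above the block rule, which shows why rule order on the DMZ tab matters as much as the presence of a block rule.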

Conclusion

The pfSense firewall plays a crucial role in the security of our network infrastructure: it controls all traffic between its interfaces (WAN, LAN, OPT1, DMZ) by applying the security rules that we chose and presented above.


This documentation provides a complete overview of the configurations of pfSense and its filtering rules.


Revision #1
Created 9 August 2024 09:02:55 by Admin
Updated 9 August 2024 09:07:30 by Admin