0xBEN
/
Sign up to 0xBEN!
Already have an account? Sign in

Building a pfSense VM for Our VMware Cyber Range

In this module, we will look at setting up a pfSense firewall VM in VMware Workstation to segment our home lab network
0xBEN
10 min read
Building a pfSense VM for Our VMware Cyber Range
In: VMware, VMware Cybersecurity Lab Project, Home Lab, Computer Networking
ℹ️
This page is part of a larger series on building a cybersecurity lab using VMware Workstation Pro. Click here to be taken back to the project home page.

Download pfSense

⚠️
pfSense is acting as the NAT router and firewall for the lab environment. Therefore, pfSense will need to be the first VM to boot when running your lab. After pfSense boots, you can start your other VMs.

Whenever you are building a lab – whether in the cloud or on premise – you should always plan your network first. You should factor in future growth as well. It's much more difficult to change network design later than planning for it now.

As of recently, Netgate is requiring users to create an account and provide personal information in order to download the pfSense CE ISO images, which I am not thrilled to see.

I understand that this is a mitigation strategy to combat piracy of their pfSense Plus software by third-party firewall appliance vendors (among other reasons).
Download pfSense Community Edition
pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more
pfSense Logo
Click Download
Choose AMD64 ISO and click ADD TO CART
Click on Create an Account
Temp Mail - Disposable Temporary Email
Keep spam out of your mail and stay safe - just use a disposable temporary email address! Protect your personal email address from spam with Temp-mail
Temp Mail

Go here to get a temporary disposable email

quackr: Free Temporary Phone Numbers for Verification | Receive SMS Online for OTP
Protect your privacy & identity with quackr. Use our free temporary phone numbers for SMS verification and receive SMS now. Phone Numbers from USA, UK, India & more.
quackr.io

Go here to get a temporary phone number for SMS verification

Fill it out using junk data and your disposable email
Fill it out with your junk data
Click Complete order
Proceed to download the ISO file here



Extracting the ISO Image

7-Zip

Download an archive file handler such as 7-Zip or simialr

The .iso file will be stored in this folder





Edit Network Settings

ℹ️
My VMware host has multiple network interfaces and I find auto-bridging doesn't work that well. So, I'm going to define some bridged interfaces that I can manually select when I need to.
Edit > Virtual Network Editor ...
Click the "Change Settings" button (requires Administrative privileges)
VMnet0 is statically bridged to my host's Ethernet NIC
Add Network > VMnet2 > now bridged to my Wi-Fi card > Click "OK"



Create the VM

Create a New Virtual Machine
Typical
Choose your .iso file according to the one you downloaded before
Give the VM a better name
Use the default of 20 GB and store as a single file
Click "Customize Hardware"
Give the VM 1 GB of RAM
Click Add > Network Adapter, do this three times
You should have four network adapters
"Network Adapter" > VMnet0 (bridged to Ethernet)
Network Adapter 2 > LAN segment > LAN Segments ...
Click Add > Add these three LAN segments > select cyber-range-LAN
Network Adapter 2 > LAN segment > choose cyber-range-LAN
Network Adapter 3 > LAN segment > choose cyber-range-isolated
Network Adapter 4 > LAN segment > choose cyber-range-ad-lab
Select USB Controller, Sound Card and click Remove
Final overview of the VM hardware settings (VMnet0 is bridged to Ethernet) > Click Close
Click "Finish"



Optimizing Network Performance

In the VirtualBox counterpart to this guide, I advise readers to change the network adapter to virtio-net, a paravirtualized network adapter that enables higher network throughput to the pfSense VM, as opposed to emulating an Intel E1000 NIC.

Find the path to the ".vmx" file
& notepad.exe "$env:USERPROFILE\Documents\Virtual Machines\pfSense-CyberRange\pfSense-CyberRange.vmx"

Run in PowerShell to edit the file

Press "CTRL + H" to bring up find/replace. Replace every instance of "e1000" with "vmxnet3"
Save your changes and close the text editor when finished.



Installing pfSense

Press the "Power on this virtual machine" button
Power on the VM and accept
💡
If you click inside the VM and can't get your mouse cursor back out of the VM, pressing CTRL + ALT should release the mouse cursor.
Choose "Install" and "OK"
em0 is the WAN interface
Continue
em1 is the LAN interface
Continue
Looks good. Continue.
Choose "Install CE"
Proceed with the defaults
OK
Yes
Choose "Current Stable Version"
Be patient while the installer downloads core files and completes the installation...
When complete, continue to the next screen and choose "Reboot"



Configuring pfSense

Assigning the Interfaces

Enter Option 1
Enter "n"
em0 is the WAN interface
em1 is the LAN interface
em2 is the "Optional 1" interface
em3 is the "Optional 2" interface
Enter "y" to proceed
Final settings should now look like this



Configuring the Interfaces

Configuring the LAN

Enter option "2"
Enter option "2" again to configure the LAN
Enter 'n' to configure the address statically
ℹ️
The LAN interface is going to serve DHCP clients, and does not get its IP address from a DHCP server elsewhere. Thus, we configure it statically.
Enter "24" as the subnet bit mask
Just press "Enter" here, since this is a LAN interface
Enter 'n' as to configure the address statically
Press Enter. We'll not be using IPv6.
Enter y to enable the DHCP server
Enter the start and end range
Enter n, we want to keep using TLS on the web portal.
Press Enter.
All finished with the LAN configuration.



Configure the ISOLATED LAN

Enter option 2
Enter option 3 to configure OPT1
Enter 'n' to configure the address statically
Enter the network address
Enter "24" as the subnet bit mask
Enter 'n' to configure the address statically
Press Enter. We'll not be using IPv6.
Enter y to enable the DHCP server
Enter n, we want to keep using TLS on the web portal.
All finished with the ISOLATED LAN configuration.



Configure the AD LAB LAN

Enter option 2
Enter option 4 to configure OPT2
Enter 'n' to configure the address statically
Enter the network address
Enter "24" as the subnet bit mask
Press Enter here. This is a LAN.
Enter 'n' to configure the address statically
Press Enter. We'll not be using IPv6.
⚠️
Pay careful attention to the DHCP settings just below ...
Enter n to disable the DHCP server, as the domain controller will be acting as the DHCP server
Enter n, we want to keep using TLS on the web portal.
All finished with the AD_LAB LAN configuration.



Final Check

You should now see something like this



A Note on Configuring the Firewall

In this guide, we will not be making the pfSense web console available from the WAN.

This is because you may be using a laptop and if you connect to public wireless, then your pfSense web console would be open to the others on that network.



Next Step

Importing Kali Using the Official VMware Image
In this module, we will look at the process of importing the pre-packaged Kali VM for VMware directly from the official source.
0xBEN0xBEN
Written by
0xBEN

0xBEN

View all posts
Comments
More from 0xBEN
Building a Security Lab in VMware Workstation Pro
VMware

Building a Security Lab in VMware Workstation Pro

In this project, broken up into multiple modules, you will build a comprehensive cybersecurity home lab using VMware Workstation Pro. Upon completion, you will have an environment where you can safely practice penetration testing against a wide variety of targets, as well as detection in your SIEM.
0xBEN
7 min read
Table of Contents
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to 0xBEN.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.