Building a pfSense VM for Our VirtualBox Cyber Range

In this module, we will look at setting up a pfSense firewall VM in VirtualBox to segment our home lab network

8 months ago   •   7 min read

By 0xBEN
Table of contents

This module is a part of a larger series of building a security lab in VirtualBox. Click here to be taken back to the series landing page.

Building a Security Lab in VirtualBox
In this post, we we will take a look at an in-detail process of setting up an entry-level cybersecurity lab using VirtualBox




Whenever your are building a lab – whether in the cloud or on premise – you should always plan your network first. You should factor in future growth as well. It's much more difficult to change network design later than planning for it now.

Download pfSense

Go to: https://www.pfsense.org/download/ and choose the image with the following specifications:

  • AMD64
  • ISO installer
  • Choose the mirror closest to you

Now, go to the folder where you downloaded pfSense. We need to extract the .iso file form the archive.

Install 7zip or some other archive extraction utility to decompress the .gz archive.

You should now have a pfSense-CE-#.#.#-RELEASE-amd64.iso file in your folder.





Create the VM

Click the New button

The Name and Machine Folder are specific to your computer. Ensure you choose the correct Type and Version as shown here.

You could probably set this to 512 MB if you're lacking resources, but no less than that




Customize the VM

Right-click the VM and choose Settings

Move Hard Disk above Optical

This boot order ensures the operating system boots upon installation from disc.

Choose a Disk File

Disable audio

Disable USB





Configure the Network Interfaces

Adapter 1: WAN

Paravirtualized drivers provide the best performance

Adapter 2: LAN

Paravirtualized drivers provide the best performance

Adapter 3: ISOLATED

Paravirtualized drivers provide the best performance

Adapter 4: AD_LAB

Paravirtualized drivers provide the best performance

All done. Click OK.





Installing pfSense

If it asks for the startup disk, just choose the .iso disk we downloaded earlier. Press Enter.

Choose Install pfSense

Continue with defaults, unless you want to choose another language

Choose Auto (UFS) BIOS

Wait for installation process to complete. Choose No.





Configuring pfSense

Wait for the VM to finish booting. When asked Should VLANs be set up now [y|n]?, choose N.

Ener the WAN interface
Enter the LAN interface
This will be the ISOLATED interface
This will be the AD_LAB interface




Configuring the Interfaces

You should see something like this

  • The WAN interface pulled an IP address from my home network.
  • The Default LAN IP address space is 192.168.1.1/24
  • OPT1 (optional interface 1) – Isolated – is not yet configured.
  • OPT2 (optional interface 2) – AD_LAB – is not yet configured.




Configure the LAN

Enter option 2
Enter option 2 for LAN
Enter the network address
Enter the subnet mask bits
Just press Enter here. This is a LAN.
Press Enter. We'll not be using IPv6.
Enter y to enable the DHCP server
Enter the start and end range
Enter n, we want to keep using TLS on the web portal.
Press Enter. All done with the LAN.




Configure the Isolated LAN

Enter option 2
Enter option 3 to configure OPT3
Enter the network address
Enter the subnet mask bits
Press Enter here. This is a LAN.
Press Enter. We'll not be using IPv6.
Enter y to enable the DHCP server
Enter n, we want to keep using TLS on the web portal.

All done with the ISOLATED LAN





Configure the AD Lab LAN

Enter option 2
Enter option 4 to configure OPT4
Enter the network address
Enter the subnet mask bits
Press Enter here. This is a LAN.
Press Enter. We'll not be using IPv6.
Enter y to enable the DHCP server
Enter the start and end range
Enter n, we want to keep using TLS on the web portal.

All done with the AD_LAB LAN





Final Check

You should now see something like this





A Note on Configuring the Firewall

In this guide, we will not be making the pfSense web console available from the WAN.

This is because you may be using a laptop and if you connect to public wireless, then your pfSense web console would be open to the others on that network.

We will be using our Kali VM to configure the pfSense firewall rules in a bit.





Next Step: Importing Kali from Offensive Security Images

Importing Kali Using the Official VirtualBox Image
In this module, we will look at the process of importing the pre-packaged Kali VM for VirtualBox directly from the official source.

Spread the word

Keep reading