This page is part of a larger series on building a cybersecurity lab using VirtualBox. Click here to be taken back to the project home page.
Download pfSense
⚠️
pfSense is acting as the NAT router and firewall for the lab environment. Therefore, pfSense will need to be the first VM to boot when running your lab. After pfSense boots, you can start your other VMs.
Whenever you are building a lab – whether in the cloud or on premise – you should always plan your network first. You should factor in future growth as well. It's much more difficult to change network design later than planning for it now.
The Netgate Way
❗
As of recently, Netgate is requiring users to create an account and provide personal information in order to download the pfSense CE ISO images, which I am not thrilled to see.
I understand that this is a mitigation strategy to combat piracy of their pfSense Plus software by third-party firewall appliance vendors (among other reasons). That said, I will show you a way to download the file whilst protecting your privacy.
The Google Way
Extracting the ISO Image
Create the VM
Click the New button
The Name and Machine Folder are specific to your computer. Ensure you choose the correct Type and Version as shown here.
❗
Do not start the VM yet!
Customize the VM
Right-click the VM and choose Settings
Move Hard Disk above Optical and disable Floppy
Disable audio
Disable USB
Configure the Network Interfaces
Adapter 1: WAN
Adapter 2: LAN
Adapter 3: ISOLATED
Adapter 4: AD_LAB
All done. Click OK.
Installing pfSense
If it asks for the startup disk, just choose the .iso disk we downloaded earlier. Press Enter.
Choose Install pfSense
Choose Auto (ZFS)
Proceed with Installation using the defaults
Stripe – No Redundancy
Use your Space Bar such that an * (asterisk) denotes the selected disk.
Use your arrow keys to select YES and proceed.
Wait for installation process to complete...
Choose Reboot
Configuring pfSense
Wait for the VM to finish booting. When asked Should VLANs be set up now [y|n]?, choose n.
Configuring the Interfaces
ℹ️
You should see something like this
The WAN interface pulled an IP address from my home network.
The Default LAN IP address space is 192.168.1.1/24
OPT1 (optional interface 1) – Isolated – is not yet configured.
OPT2 (optional interface 2) – AD_LAB – is not yet configured.
Configure the LAN
Configure the Isolated LAN
All done with the ISOLATED LAN
Configure the AD Lab LAN
All done with the AD_LAB LAN
Final Check
You should now see something like this
A Note on Configuring the Firewall
In this guide, we will not be making the pfSense web console available from the WAN.
This is because you may be using a laptop and if you connect to public wireless, then your pfSense web console would be open to the others on that network.
We will be using our Kali VM to configure the pfSense firewall rules in a bit.
In this module of the VirtualBox cybersecurity home lab project, we are going to look at the process of setting up a dual-homed target to serve as a pivot point into an Active Directory network.