Building a pfSense VM for Our VirtualBox Cyber Range

In this module, we will look at setting up a pfSense firewall VM in VirtualBox to segment our home lab network
Building a pfSense VM for Our VirtualBox Cyber Range
In: VirtualBox, Home Lab, Computer Networking
ℹ️
This page is part of a larger series on building a cybersecurity lab using VirtualBox. Click here to be taken back to the project home page.



Download pfSense

⚠️
pfSense is acting as the NAT router and firewall for the lab environment. Therefore, pfSense will need to be the first VM to boot when running your lab. After pfSense boots, you can start your other VMs.

Whenever you are building a lab – whether in the cloud or on premise – you should always plan your network first. You should factor in future growth as well. It's much more difficult to change network design later than planning for it now.

The Netgate Way

As of recently, Netgate is requiring users to create an account and provide personal information in order to download the pfSense CE ISO images, which I am not thrilled to see.

I understand that this is a mitigation strategy to combat piracy of their pfSense Plus software by third-party firewall appliance vendors (among other reasons). That said, I will show you a way to download the file whilst protecting your privacy.
Download pfSense Community Edition
pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more
Click Download
Choose AMD64 ISO and click ADD TO CART
Click on Create an Account
Temp Mail - Disposable Temporary Email
Keep spam out of your mail and stay safe - just use a disposable temporary email address! Protect your personal email address from spam with Temp-mail

Go here to get a temporary disposable email

quackr: Free Temporary Phone Numbers for Verification | Receive SMS Online for OTP
Protect your privacy & identity with quackr. Use our free temporary phone numbers for SMS verification and receive SMS now. Phone Numbers from USA, UK, India & more.

Go here to get a temporary phone number for SMS verification

Fill it out using junk data and your disposable email
Fill it out with your junk data
Click Complete order
Proceed to download the ISO file here



The Google Way

site:*.netgate.com download -site:forum.netgate.com -site:docs.netgate.com -inurl:blog -site:www.netgate.com -site:shop.netgate.com -site:forums.netgate.com -site:info.netgate.com - Google Search
Index of /mirror/downloads/

Download the latest version here -- e.g. pfSense-CE-2.7.2-RELEASE-amd64.iso.gz



Extracting the ISO Image

7-Zip

Download an archive file handler such as 7-Zip or simialr

The .iso file will be stored in this folder





Create the VM

Click the New button

The Name and Machine Folder are specific to your computer. Ensure you choose the correct Type and Version as shown here.

Do not start the VM yet!





Customize the VM

Right-click the VM and choose Settings

Move Hard Disk above Optical and disable Floppy

This boot order ensures the operating system boots upon installation from disc.

Disable audio

Disable USB





Configure the Network Interfaces

Adapter 1: WAN

Paravirtualized drivers provide the best performance

Adapter 2: LAN

Paravirtualized drivers provide the best performance

Adapter 3: ISOLATED

Paravirtualized drivers provide the best performance

Adapter 4: AD_LAB

Paravirtualized drivers provide the best performance

All done. Click OK.





Installing pfSense

If it asks for the startup disk, just choose the .iso disk we downloaded earlier. Press Enter.

Choose Install pfSense

Choose Auto (ZFS)

Proceed with Installation using the defaults

Stripe – No Redundancy

Use your Space Bar such that an * (asterisk) denotes the selected disk.

Use your arrow keys to select YES and proceed.

Wait for installation process to complete...

Choose Reboot





Configuring pfSense

Wait for the VM to finish booting. When asked Should VLANs be set up now [y|n]?, choose n.

The prompt here was interrupted by some log messages
Enter the WAN interface
Enter the LAN interface
This will be the ISOLATED interface
This will be the AD_LAB interface





Configuring the Interfaces

ℹ️
You should see something like this
  • The WAN interface pulled an IP address from my home network.
  • The Default LAN IP address space is 192.168.1.1/24
  • OPT1 (optional interface 1) – Isolated – is not yet configured.
  • OPT2 (optional interface 2) – AD_LAB – is not yet configured.





Configure the LAN

Enter option 2
Enter option 2 for LAN
Enter 'n' to configure the address statically
Enter the network address
Enter the subnet mask bits
Just press Enter here. This is a LAN.
Enter 'n' as to configure the address statically
Press Enter. We'll not be using IPv6.
Enter y to enable the DHCP server
Enter the start and end range
Enter n, we want to keep using TLS on the web portal.
Press Enter. All done with the LAN.





Configure the Isolated LAN

Enter option 2
Enter option 3 to configure OPT3
Enter 'n' to configure the address statically
Enter the network address
Enter the subnet mask bits
Press Enter here. This is a LAN.
Enter 'n' to configure the address statically
Press Enter. We'll not be using IPv6.
Enter y to enable the DHCP server
Enter n, we want to keep using TLS on the web portal.

All done with the ISOLATED LAN





Configure the AD Lab LAN

Enter option 2
Enter option 4 to configure OPT4
Enter 'n' to configure the address statically
Enter the network address
Enter the subnet mask bits
Press Enter here. This is a LAN.
Enter 'n' to configure the address statically
Press Enter. We'll not be using IPv6.
Enter n to disable the DHCP server, as the domain controller will be acting as the DHCP server
Enter n, we want to keep using TLS on the web portal.

All done with the AD_LAB LAN





Final Check

You should now see something like this





A Note on Configuring the Firewall

In this guide, we will not be making the pfSense web console available from the WAN.

This is because you may be using a laptop and if you connect to public wireless, then your pfSense web console would be open to the others on that network.

We will be using our Kali VM to configure the pfSense firewall rules in a bit.





Next Step

Importing Kali Using the Official VirtualBox Image
In this module, we will look at the process of importing the pre-packaged Kali VM for VirtualBox directly from the official source.
More from 0xBEN
Table of Contents
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to 0xBEN.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.