pfSense DMZ Home Network Lab

jemu

How would I build DMZ home network lab with external and internal firewall using pfSense.
Should I use two instances of pfSense or one instance can accomplish this.

NogBadTheBad

No need for two routers for home use DMZ in my opinion.

Use VLANS or different LAN interfaces on the router for your LAN & DMZ and two switches.

If you use VLANS you'll need a switch that supports 802.1q.

On the DMZ interface block traffic to the LAN interface addresses.

jemu

what is the disadvantage of deploying two instances. I find it to be straight forward

NogBadTheBad

Just seems to be a bit of an overkill tbh.

tim.mcmanus

You could also do this with three NICs and two switches.

NIC 1 -> WAN
NIC 2 -> LAN
NIC 3 -> DMZ

Set up your FW rules so that connections can go into the DMZ, nothing can initiate a connection out of it. Then you're done. You'll have the physical segmentation you're looking for, and it's relatively inexpensive and fairly simple to do this.