Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfSense DMZ Home Network Lab

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 3 Posters 658 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J Offline
      jemu
      last edited by

      How would I build DMZ home network lab with external and internal firewall using pfSense.
      Should I use two instances of pfSense or one instance can accomplish this.

      1 Reply Last reply Reply Quote 0
      • NogBadTheBadN Offline
        NogBadTheBad
        last edited by

        No need for two routers for home use DMZ in my opinion.

        Use VLANS or different LAN interfaces on the router for your LAN & DMZ and two switches.

        If you use VLANS you'll need a switch that supports 802.1q.

        On the DMZ interface block traffic to the LAN interface addresses.

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        1 Reply Last reply Reply Quote 0
        • J Offline
          jemu
          last edited by

          what is the disadvantage of deploying two instances. I find it to be straight forward

          1 Reply Last reply Reply Quote 0
          • NogBadTheBadN Offline
            NogBadTheBad
            last edited by

            Just seems to be a bit of an overkill tbh.

            Andy

            1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

            1 Reply Last reply Reply Quote 0
            • T Offline
              tim.mcmanus
              last edited by

              You could also do this with three NICs and two switches.

              NIC 1 -> WAN
              NIC 2 -> LAN
              NIC 3 -> DMZ

              Set up your FW rules so that connections can go into the DMZ, nothing can initiate a connection out of it. Then you're done. You'll have the physical segmentation you're looking for, and it's relatively inexpensive and fairly simple to do this.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.