PfSense & Security Onion setup for home lab

  • Hi,

    I'm looking to rebuild my home lab and would like to integrate Security Onion into my setup to do more malware analysis and other projects.

    My pfSense box was previously running on an old Lenovo M58P (Core2Duo w/8GB RAM). I had to tear everything down as I still had unresolved hardware problems that I haven't had time to troubleshoot, but am guessing it's NIC related. I'm debating buying new hardware but thought I'd float the idea around on here first.

    Would it be recommended to run both pfSense & SO on an ESXi whitebox or keep the hardware separate? Based on this answer I'll start exploring my options. Obviously I am looking at keeping cost to a minimum. It will be running 24/7 so keeping it low power is a key factor. The Lenovo M58P was pretty quiet so I had it sitting up on a shelf in the finished part of the basement that is also my TV room. I'd like to keep it low noise, however I do have the option to run a cable and put it in the unfinished part of the basement where noise would not be an issue.

    For hardware I have a Lenovo M58P as well as a tower PC with a Core i5 & 16GB of RAM that are at the moment collecting dust. I may consider using them instead of purchasing additional hardware if the overall cost will be too high.

    TIPS and recommendations will be greatly appreciated.

  • If you have the hardware or can arrange for one, it's best to keep them separate. pfSense is best if used on a dedicated box. You may use both on VMware, which I have done in the past to test multiple server instances, but I have found it to perform better on a dedicated box.

  • Yeah, an ESXi box would likely set me back $1000 minimum if I was to go purchase a refurb'd server. Looks like that would be the cheapest route as well. I think I'll try to rebuild using the hardware that I have currently lying around. Just need to troubleshoot what went wrong with the damn Lenovo where everything would randomly grind to a halt.

