Netgate Discussion Forum

    firewall security test

    • Ricardo Zorek Daniel

      Hello, I am setting up a test environment with two firewalls to create a DMZ. I would like some ideas for doing this security test in the current environment (there is only one firewall) and in the test environment that has two firewalls and a DMZ (pfSense and Aker firewalls). Thanks.

      • JKnott

        Define "security". That's a broad category. However, the first step would be port scans, with either nmap or from www.grc.com

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        • Ricardo Zorek Daniel

          I am doing an article, I would like to show in this article, what has improved from one environment to another, make a comparison between them. And show how the DMZ environment is much safer than the old (environment without dmz with just a firewall)

          • tim.mcmanus @Ricardo Zorek Daniel

            @ricardo-zorek-daniel said in firewall security test:

            I am doing an article, I would like to show in this article, what has improved from one environment to another, make a comparison between them. And show how the DMZ environment is much safer than the old (environment without dmz with just a firewall)

            There are a few pieces to this, IMHO.

            First, you need to academically describe what you are setting up and why. Why is a DMZ better, conceptually, than just one firewall or your current setup? A list of pros/cons of each.

            Second, you'd need to get into the details of the specific configuration. There are many ways to set up a DMZ; how specifically are you setting yours up? I've seen folks set up a DMZ that can only respond to WAN connections, but the DMZ could initiate connections into the LAN. Is this your setup, or are you going to configure it where the DMZ can only respond to incoming connections over specific ports from the WAN/LAN? So this part would be where you demonstrate the resiliency of your architecture.

            Third, then you could perform some kind of canned test to demonstrate that you've set everything up properly. This part really isn't as important as the second part. It just verifies that you've configured the devices to the specifications of your proposed architecture. If you have a specific vulnerability that you want to exploit in a different architecture to demonstrate your superior architecture, then maybe that would have some value.

            Just my thoughts...

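One way to run the "canned test" from the post above, as an added example that is not part of the thread: compare nmap grepable output (`-oG`), captured from a scanner placed in each zone, against the allowed-flow table of the proposed design. The zone names, addresses, policy and scan lines are constructed for illustration.

```python
import re

# Assumed design (hypothetical): TCP ports each source zone may reach on each
# destination host. Anything found open but not listed here is a violation.
POLICY = {
    ("WAN", "192.0.2.10"): {443},      # CRM server in the DMZ: HTTPS only
    ("WAN", "10.0.0.20"): set(),       # LAN file server: never from the WAN
    ("DMZ", "10.0.0.20"): set(),       # DMZ must not initiate into the LAN
    ("LAN", "192.0.2.10"): {22, 443},  # admins manage the CRM from the LAN
}

# Constructed sample: nmap -oG lines, keyed by the zone the scan was run from.
SCANS = {
    "WAN": [
        "Host: 192.0.2.10 ()\tPorts: 22/filtered/tcp//ssh///, 443/open/tcp//https///",
        "Host: 10.0.0.20 ()\tPorts: 445/filtered/tcp//microsoft-ds///",
    ],
    "DMZ": ["Host: 10.0.0.20 ()\tPorts: 445/open/tcp//microsoft-ds///"],
    "LAN": ["Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///"],
}

HOST_RE = re.compile(r"^Host:\s+(\S+).*?Ports:\s+(.*)$")

def open_ports(line):
    """Return (host, set of open TCP ports) from one grepable line, or None."""
    m = HOST_RE.match(line)
    if not m:
        return None  # e.g. "Status: Up" lines carry no port list
    ports = set()
    for entry in m.group(2).split(","):
        fields = entry.strip().split("/")  # port/state/protocol/...
        if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
            ports.add(int(fields[0]))
    return m.group(1), ports

def audit(policy, scans):
    """List (zone, host, port, problem) for every mismatch with the policy."""
    findings = []
    for zone, lines in scans.items():
        for host, seen in filter(None, map(open_ports, lines)):
            allowed = policy.get((zone, host), set())
            findings += [(zone, host, p, "unexpected open") for p in sorted(seen - allowed)]
            findings += [(zone, host, p, "expected but not reachable") for p in sorted(allowed - seen)]
    return findings

if __name__ == "__main__":
    for finding in audit(POLICY, SCANS):
        print(*finding)
```

Running the same audit against scans of the single-firewall environment and of the DMZ environment gives two finding lists that can be compared side by side.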
            • Ricardo Zorek Daniel @tim.mcmanus

              I'm doing this for real, in a company. This company had intrusion problems through a CRM server (data shared inside and outside the company). I set up a virtual environment and added a firewall (pfSense) for those servers that have external access. This would be my DMZ, right after the firewall that already exists in the company (Aker), and I wanted to bar all external access from that line forward.

              I have already written the academic part of the article. Now my difficulty is to demonstrate what I have done and what improvements will come from the implementation of this DMZ.
