pfSense DMZ Home Network Lab
How would I build a DMZ home network lab with an external and internal firewall using pfSense?
Should I use two instances of pfSense, or can one instance accomplish this?
No need for two routers for home use DMZ in my opinion.
Use VLANs or different LAN interfaces on the router for your LAN & DMZ and two switches.
If you use VLANs you'll need a switch that supports 802.1q.
On the DMZ interface block traffic to the LAN interface addresses.
What is the disadvantage of deploying two instances? I find it to be straightforward.
Just seems to be a bit of an overkill tbh.
You could also do this with three NICs and two switches.
NIC 1 -> WAN
NIC 2 -> LAN
NIC 3 -> DMZ
Set up your FW rules so that connections can go into the DMZ, nothing can initiate a connection out of it. Then you're done. You'll have the physical segmentation you're looking for, and it's relatively inexpensive and fairly simple to do this.
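An added example, not written by any poster in this thread: a small Python model of stateful, first-match rules applied per incoming interface, comparing the two DMZ policies suggested above (block DMZ to LAN only, versus nothing initiating a connection out of the DMZ). The subnets, host addresses, the published port 443 and the trailing pass rule in policy A are constructed assumptions.

```python
import ipaddress

# Constructed addressing (assumption): LAN and DMZ subnets behind one firewall.
NETS = {"LAN": ipaddress.ip_network("192.168.10.0/24"),
        "DMZ": ipaddress.ip_network("192.168.20.0/24")}

def matches(dst_spec, dst_ip):
    # A rule destination is either "any" or the name of a local network.
    return dst_spec == "any" or ipaddress.ip_address(dst_ip) in NETS[dst_spec]

class Firewall:
    def __init__(self, rules):
        self.rules = rules      # {interface: [(action, dst_spec, port), ...]}
        self.states = set()     # flows already permitted (stateful filtering)

    def new_connection(self, iface, src, dst, port):
        """Evaluate a connection attempt arriving on `iface`; first match wins."""
        for action, dst_spec, rule_port in self.rules.get(iface, []):
            if matches(dst_spec, dst) and rule_port in ("any", port):
                if action == "pass":
                    self.states.add((src, dst, port))
                return action
        return "block"          # nothing matched: implicit default deny

    def reply(self, src, dst, port):
        """Return traffic passes only if it belongs to an existing state."""
        return "pass" if (dst, src, port) in self.states else "block"

BASE = {"WAN": [("pass", "DMZ", 443)],      # constructed: HTTPS service in the DMZ
        "LAN": [("pass", "any", "any")]}
# Policy A: DMZ may not reach LAN; the pass rule after it is an assumption.
POLICY_A = dict(BASE, DMZ=[("block", "LAN", "any"), ("pass", "any", "any")])
# Policy B: nothing may initiate a connection out of the DMZ.
POLICY_B = dict(BASE, DMZ=[("block", "any", "any")])

def audit(rules):
    fw = Firewall(rules)
    lan_pc, dmz_srv, inet = "192.168.10.5", "192.168.20.10", "203.0.113.7"  # constructed
    return {
        "lan_to_dmz": fw.new_connection("LAN", lan_pc, dmz_srv, 22),
        "dmz_reply_to_lan": fw.reply(dmz_srv, lan_pc, 22),
        "dmz_to_lan": fw.new_connection("DMZ", dmz_srv, lan_pc, 445),
        "dmz_to_internet": fw.new_connection("DMZ", dmz_srv, inet, 443),
        "wan_to_dmz": fw.new_connection("WAN", inet, dmz_srv, 443),
        "wan_to_lan": fw.new_connection("WAN", inet, lan_pc, 443),
    }

if __name__ == "__main__":
    for name, policy in (("A", POLICY_A), ("B", POLICY_B)):
        print(name, audit(policy))
```

The two policies differ only in `dmz_to_internet`: under policy B a DMZ host cannot fetch updates on its own, which is the trade-off for the stricter rule.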