pfSense DMZ Home Network Lab
-
How would I build a DMZ home network lab with external and internal firewalls using pfSense?
Should I use two instances of pfSense, or can one instance accomplish this?
-
No need for two routers for home use DMZ in my opinion.
Use VLANs or different LAN interfaces on the router for your LAN & DMZ and two switches.
If you use VLANs you'll need a switch that supports 802.1q.
On the DMZ interface block traffic to the LAN interface addresses.
-
What is the disadvantage of deploying two instances? I find it to be straightforward.
-
Just seems to be a bit of an overkill tbh.
-
You could also do this with three NICs and two switches.
NIC 1 -> WAN
NIC 2 -> LAN
NIC 3 -> DMZ
Set up your FW rules so that connections can go into the DMZ but nothing can initiate a connection out of it. Then you're done. You'll have the physical segmentation you're looking for, and it's relatively inexpensive and fairly simple to do this.
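-
The three-NIC policy from the last reply, modelled as an added example that is not part of any post in this thread: a small Python check of which zone may initiate connections to which, using pfSense's per-interface, first-match, default-deny rule evaluation. The subnets, the DMZ web host 192.168.20.10 and the external address 203.0.113.7 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing (assumption, not from the thread).
LAN = ipaddress.ip_network("192.168.10.0/24")
DMZ = ipaddress.ip_network("192.168.20.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
DMZ_WEB = ipaddress.ip_network("192.168.20.10/32")

@dataclass(frozen=True)
class Rule:
    action: str                    # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int] = None     # None matches any destination port

# One ordered list per interface, like pfSense's per-interface rule tabs.
# Rules apply to traffic ENTERING that interface.
RULES = {
    "WAN": [Rule("pass", ANY, DMZ_WEB, 443)],  # destination as seen after port-forward NAT
    "LAN": [Rule("pass", LAN, ANY)],           # LAN may reach DMZ and internet
    "DMZ": [Rule("block", DMZ, ANY)],          # explicit block: DMZ initiates nothing
}

def allowed(iface, src, dst, port):
    """Decide a NEW connection arriving on iface: first match wins, else deny.
    Replies to a passed connection use its state entry and are not re-checked,
    so LAN -> DMZ sessions work even though the DMZ tab blocks everything."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in RULES[iface]:
        if s in r.src and d in r.dst and r.port in (None, port):
            return r.action == "pass"
    return False  # implicit default deny

def audit():
    """Initiation matrix for the policy above."""
    return {
        "lan_to_dmz":       allowed("LAN", "192.168.10.5", "192.168.20.10", 22),
        "lan_to_internet":  allowed("LAN", "192.168.10.5", "203.0.113.7", 443),
        "wan_to_dmz_https": allowed("WAN", "203.0.113.7", "192.168.20.10", 443),
        "wan_to_dmz_ssh":   allowed("WAN", "203.0.113.7", "192.168.20.10", 22),
        "wan_to_lan":       allowed("WAN", "203.0.113.7", "192.168.10.5", 443),
        "dmz_to_lan":       allowed("DMZ", "192.168.20.10", "192.168.10.5", 445),
        "dmz_to_internet":  allowed("DMZ", "192.168.20.10", "203.0.113.7", 443),
    }

if __name__ == "__main__":
    for path, ok in audit().items():
        print(f"{path:18} {'pass' if ok else 'block'}")
```

Under this policy DMZ hosts also cannot reach the internet themselves (updates, DNS); the narrower variant from the first reply would replace the DMZ entry with a block to `LAN` followed by a pass rule.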