# pfSense

## About

To segregate my servers from my main network, I created another virtual LAN. This is a more secure approach than keeping everything on one flat home network. I also have custom firewall rules in place to restrict those systems from accessing my main network, just in case someone were to get into one of them.
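The firewall rules mentioned above depend on ordering: pfSense evaluates the rules on the interface where traffic enters from the top down, the first match wins, and anything unmatched is blocked. The sketch below is an added example, not pfSense code or my actual rule set; it models that behaviour with constructed subnets (`192.168.1.0/24` for the main LAN, `10.10.10.0/24` for the server LAN) to show how a block rule placed below an allow-any rule silently stops isolating the servers.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing (assumption, not taken from the page)
MAIN_LAN = ip_network("192.168.1.0/24")
SERVER_LAN = ip_network("10.10.10.0/24")
ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    src: object                 # source network
    dst: object                 # destination network
    port: Optional[int] = None  # None matches any port
    note: str = ""

def evaluate(rules, src, dst, port):
    """Return (action, note) of the first matching rule; default deny."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst and r.port in (None, port):
            return r.action, r.note
    return "block", "implicit default deny"

# Rules on the server-LAN interface, in evaluation order (hypothetical)
GOOD = [
    Rule("pass", SERVER_LAN, ip_network("10.10.10.1/32"), 53, "DNS to firewall"),
    Rule("block", SERVER_LAN, MAIN_LAN, None, "servers must not reach main LAN"),
    Rule("pass", SERVER_LAN, ANY, None, "servers to internet"),
]
# Same rules, but the allow-any sits above the block rule
BAD = [GOOD[0], GOOD[2], GOOD[1]]

# Constructed probe flows: (source, destination, destination port)
PROBES = [
    ("10.10.10.20", "192.168.1.50", 445),
    ("10.10.10.20", "192.168.1.1", 443),
    ("10.10.10.20", "1.1.1.1", 443),
    ("10.10.10.20", "10.10.10.1", 53),
]

def leaks(rules):
    """Probes that reach MAIN_LAN even though isolation is intended."""
    return [p for p in PROBES
            if ip_address(p[1]) in MAIN_LAN and evaluate(rules, *p)[0] == "pass"]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, "leaks to main LAN:", leaks(rules))
```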

I also have an OpenVPN server set up in pfSense so that I can access my machines when I'm not on-prem. I'll write about how I did that soon!

![](https://4023630493-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsVNw0ukkXTvV2pJfDvjn%2Fuploads%2F7hBdzDosvrfRVbnUoYUA%2Fimage.png?alt=media\&token=3460987f-29dc-4fba-a918-438141ad144a)

![](https://4023630493-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsVNw0ukkXTvV2pJfDvjn%2Fuploads%2F9RuAagNSRCdoJV7rtpFS%2Fimage.png?alt=media\&token=705cbad4-3d0d-4f8b-8db9-59b59fcad0d8)

## Setup Instructions

### vSwitch Configuration

To create a port group on VMware ESXi, we first need to create a virtual switch, as shown below.

![](https://4023630493-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsVNw0ukkXTvV2pJfDvjn%2Fuploads%2Fim8yDh1FgTW1c2TxnDkF%2Fimage.png?alt=media\&token=120c8700-ec47-4236-afa1-d2c69ff770b1)

### Port Group Configuration

Now that we have a virtual switch set up, we can set up the port group to assign our machines to.

![](https://4023630493-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsVNw0ukkXTvV2pJfDvjn%2Fuploads%2Fy59ryMdygKvTRU7LnZSX%2Fimage.png?alt=media\&token=a07649ed-a5e1-404d-ac46-0440d7acbe6d)

![](https://4023630493-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsVNw0ukkXTvV2pJfDvjn%2Fuploads%2FAGqba91vJ4jml5aPgWHK%2Fimage.png?alt=media\&token=b9e89a7a-3c79-44bb-98fd-516ec4e8809d)

### pfSense VM Configuration

Now that we have the new port group created, we can add our pfSense VM to the network to act as the gateway.

![](https://4023630493-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsVNw0ukkXTvV2pJfDvjn%2Fuploads%2FhI9ooCDki7BWrTt9BI3V%2Fimage.png?alt=media\&token=1f61ed96-4c09-41db-ac9c-05acdc7124d1)

![](https://4023630493-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsVNw0ukkXTvV2pJfDvjn%2Fuploads%2FTMtYlfBYQnrdJ1kHzTqK%2Fimage.png?alt=media\&token=da3c38e2-f492-4ed5-9027-867ca44173f8)

Now that the machine is connected to the LAN, we can onboard the new LAN onto the firewall.

![](https://4023630493-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsVNw0ukkXTvV2pJfDvjn%2Fuploads%2FlAghALqIJqdxaKqE2AEd%2Fimage.png?alt=media\&token=6460364e-9643-4f27-8b72-e7ed87515648)

Once the interface is added, we have to configure it and set the IP range.

![](https://4023630493-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsVNw0ukkXTvV2pJfDvjn%2Fuploads%2FY4bX5ZfSzu2moe9ggX3n%2Fimage.png?alt=media\&token=1cb007ca-25e3-4709-9136-3e13aa1243a8)

![](https://4023630493-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsVNw0ukkXTvV2pJfDvjn%2Fuploads%2FS6avwTuTJw9zh9JcYX6K%2Fimage.png?alt=media\&token=3bf5280a-3b8c-4b5f-a1ab-76a76813bbd1)

Once all that is done, check back at the terminal to confirm that your LAN has been added successfully, as shown below.

![](https://4023630493-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsVNw0ukkXTvV2pJfDvjn%2Fuploads%2FhuxtpzMqknlB2kleqZl6%2Fimage.png?alt=media\&token=c6be9f17-4282-47c9-846c-61a1a629234b)
