SIEM Project Lab Setup | Part 4 | Install pfSense Router/Firewall


In this multipart walkthrough series, I demonstrate how to set up a virtual home lab that can be used to practice using a Security Information and Event Management (SIEM) system. The SIEM that will ultimately be used is called Wazuh, which I'll describe in a later walkthrough. In my last article (which you can read here), I showed you how to download and install a Linux Mint Virtual Machine. If you want to check out part 1 of this series and start from the beginning, click here. Our virtual home lab is going to include two Linux Virtual Machines. Since we now have two PC virtual machines for the home lab network, we need a router/firewall to help facilitate network activity. In this part of the series, I'll show you how to set up the free pfSense router/firewall virtual machine for our lab.

pfSense is free, open-source virtual firewall/router software made by an amazing company called Netgate. You can check out the Netgate website and all of their offerings if you like. I'm not affiliated with them at all and I get no compensation from them for writing this article; I'm just showing you how to download and install their free open-source tool for us to use for cybersecurity practice in our lab.


Let's get it going, my friends!


Step 1: Go to Google and search for "download pfsense."


Step 2: Click on "Download pfSense Community Edition."


Step 3: On the pfSense download page, click on "Download."


Step 4: On the shop page where it says "Installation Image," click the dropdown and select the "AMD64 ISO IPMI/Virtual Machines" or whatever option you need based on your computer. For most of us, the AMD64 Virtual Machine option should work. Once you select the Installation Image, click on Add to Cart. Then click on your cart in the upper right corner of the web page.


Step 5: On the shopping cart page, click on "checkout."



Step 6: On the next page, you will likely need to create a Netgate account to proceed. The easiest way to do this is to click on "Create an Account" at the top of the page. Once you create an account, it will take you to the final checkout page.


On the final checkout page, make sure all of the information is correct. Read the terms and conditions, the Evaluation Agreement and the EULA, click the checkbox about the terms and conditions, and then click on "Complete order."


From here, you'll need to sign in with the e-mail that you created for your Netgate login and you'll get an e-mail with the subject line "Your software subscription download is ready." Click into the e-mail and click on the "Download Now" button. It will take you to a page similar to the one below:


Click the "Download Now" button.


Step 7: Once the file is downloaded, you'll notice it is in a "Compressed Archive Folder" format and will need to be "unzipped" or "extracted" to access the actual file. If you're using Windows 10 or later, when you get to the directory that contains the folder you should be able to click a button that says "Extract all" in your "Windows File Explorer."



Once you click "Extract all," Windows will ask you where you want the extracted file(s) to be stored. My suggestion is to create a folder on your desktop and label it "Virtual Machine ISO's" or something to that effect in order to easily find the ISO file when we need it for succeeding steps. Once you know what directory you want to extract to, click on "Extract." It will take some time for the extraction to complete.



Step 8: Open your VirtualBox Manager, then click on "New."




Step 9: Once you click on "New," look at the "ISO Image" field. Next to the "Name" field, type in "pfSense." Next, click the dropdown arrow to the far right of the "ISO Image" field and then click on "Other." Find the ISO Image that you extracted earlier and double click it.



Step 10: Click the dropdown arrow to the right of the "Type" field, then select "BSD." The "Subtype" and "Version" fields should auto-populate with "FreeBSD" and "FreeBSD (64-bit)," respectively.



Step 11: Click on "Hardware." Since this VM isn't a computer, it doesn't need a lot of RAM, so you can leave it at the default RAM and it will run just fine, but 2000-3000 MB would help the system run better, and I would actually recommend 2 processors for this VM if your computer can handle it. If you can only afford 1 processor, that will be fine. For me, I chose 3000 MB and 2 processors.



Step 12: Next, click on Hard Disk. Since this device will be keeping logs of user/machine activity, we want it to have a good amount of hard drive space to store the logs. I recommend 25 GB for this if your machine can spare it. If not, the default 16 GB should suffice. For me, I chose 25 GB. After setting the amount of hard drive space, click on Finish in the lower right corner.


Step 13: Before powering up the VM, click on the pfSense VM in the Oracle VirtualBox Manager window and then click on Settings, Network. Click on Adapter 1 and next to the "Attached to:" line, click the dropdown and select Bridged Adapter. This adapter will help give the Linux VMs installed in earlier parts of this series access to the Internet.


After setting up Adapter 1, click the "Adapter 2" tab and make sure the "Enable Network Adapter" checkbox is checked. Next, click the dropdown next to "Attached to:" and select "Internal Network." Make sure the network name "Intnet" is populated next to the "Name" field. This adapter will help provide DHCP IP addresses to our Wazuh Server (which we will install in the next article) and the Linux VMs that we installed previously.
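
A quick way to confirm the adapter layout from Step 13 before the first boot, as an added example that is not part of the original article: it parses the output of `VBoxManage showvminfo pfSense --machinereadable` and lists any adapter that differs from the WAN/LAN layout above. The sample text is constructed; the VM name "pfSense" and the lowercase network name "intnet" (VirtualBox's default) are assumptions.

```python
import re
import subprocess

# Constructed sample of the machine-readable output for a correctly configured VM.
SAMPLE_OK = '''name="pfSense"
nic1="bridged"
bridgeadapter1="eth0"
nic2="intnet"
intnet2="intnet"
nic3="none"
'''
# Constructed misconfiguration: LAN adapter left on NAT, a third adapter enabled.
SAMPLE_BAD = SAMPLE_OK.replace('nic2="intnet"', 'nic2="nat"').replace('nic3="none"', 'nic3="hostonly"')

def parse_vminfo(text):
    """Turn key="value" lines from showvminfo --machinereadable into a dict."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            info[key.strip().strip('"')] = value.strip().strip('"')
    return info

def audit_adapters(info, lan_name="intnet"):
    """Return a list of findings; an empty list means the layout matches Step 13."""
    findings = []
    if info.get("nic1") != "bridged":
        findings.append(f"Adapter 1 is {info.get('nic1')!r}, expected 'bridged' (WAN)")
    elif not info.get("bridgeadapter1"):
        findings.append("Adapter 1 is bridged but no host interface is selected")
    if info.get("nic2") != "intnet":
        findings.append(f"Adapter 2 is {info.get('nic2')!r}, expected 'intnet' (LAN)")
    elif info.get("intnet2") != lan_name:
        findings.append(f"Adapter 2 uses network {info.get('intnet2')!r}, expected {lan_name!r}")
    # Any further enabled adapter is a network path outside the two set up in Step 13.
    for key, value in sorted(info.items()):
        m = re.fullmatch(r"nic(\d+)", key)
        if m and int(m.group(1)) > 2 and value != "none":
            findings.append(f"Unexpected extra adapter {key} attached as {value!r}")
    return findings

if __name__ == "__main__":
    # Assumes VBoxManage is on PATH and the VM is named "pfSense" as in Step 9.
    out = subprocess.run(["VBoxManage", "showvminfo", "pfSense", "--machinereadable"],
                         capture_output=True, text=True, check=True).stdout
    for finding in audit_adapters(parse_vminfo(out)) or ["Adapter layout matches Step 13"]:
        print(finding)
```

The same check can be run against the Linux VMs later in the series to confirm they sit only on the internal network.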


Step 13: Open VirtualBox Manager and then locate your pfSense VM in the list of VMs. Click on the power button right below the pfSense label. You'll notice that the pfSense machine runs a lot of scripts automatically in the VM window once it starts up. That is normal; give it a little time.


Step 14: Once the pfSense machine runs all of its startup scripts, you'll get to a page that shows the Copyright and Distribution Notice, and you'll see that it gives you the option to "Accept." After you read the terms, hit the "Enter" key on your keyboard to accept them and move on to the next step.


Step 15: The next page will give an option that says "Install pfSense." Go ahead and hit Enter on this page. You'll see a popup that says that it is setting up the network. Then you'll end up on a page where it asks you which interface is going to be the WAN interface. The "em0" interface should be preselected, and that is the interface that we want for the WAN. Press Enter if em0 is selected.


Step 16: On the "WAN" (em0) Network Mode Setup screen, you can leave the preselected settings as they are and press Enter.



Step 17: You'll end up on the "LAN Interface Assignment and Configuration" page. This interface is specifically what our VMs will be attached to so that they can access the internet. Using the arrow keys, highlight the "em1" interface and press Enter. On the LAN (em1) Network Mode setup page, press Enter again.

Step 18: You'll then be on the "Interface Assignment and Configuration" page. Use the arrow keys to highlight "em0" because the installer needs access to the Internet for these steps. Press Enter.


Step 19: When the "Install CE" option appears on your screen, make sure it is highlighted and press Enter.


Step 20: When you see the "Installation Options" page, press Enter, as the preselected options should be fine.


Step 21: When you see the "ZFS Virtual Device Type Configuration" page, press Enter, as the preselected options should be fine.


Step 22: Press Enter when it asks you to "Select disks for software installation."


Step 23: Press Enter when it asks whether you are sure you want to destroy the current content of the following disks.


Step 24: When it asks which version of the software you want to install, select the current stable release, then press Enter. This next step will take some time to complete.


Step 25: When it says that installation is complete, you'll have the option to "Reboot" or go to the "Shell." You'll need to click on "Devices" on the toolbar at the top of the pfSense VM window, then roll over where it says "Optical Devices," then click on "Remove Disk from Virtual Drive." It will give you a warning popup box, but you can then click on "Force Unmount." Then click on Machine on the toolbar at the top of the screen, then click Reset, Reset.


Step 26: pfSense will then restart and run some auto-scripts as it boots back up. Once you see the page referenced in the screenshot below, you're all set! You have successfully installed pfSense! Nice work!


Note: pfSense still needs to be configured but we will cover that in a later article. Our goal for now is to install all of the components of our network before we start configuring anything. For now, you can click the "x" in the upper right corner of the VM screen and select the "Power off the machine" radio button and click "Ok."


I hope that this tutorial provided a lot of value to you and if it did, feel free to share it with someone else who may also get value out of it. If you run into any issues at all while installing this, feel free to let me know in the comments and I'll do all I can to help you.


Thank you very much for your time and have a lovely day! Feel free to check out the next part of the series below!


