Professional Documents
Culture Documents
Project Task 4
Project Task 4
Project
Task 4
Install and configure the pFSense firewall VM. Configure the firewall to block
unnecessary traffic and to allow only traffic that you configure
Firewall setup
Install and configure the pfSense firewall VM. Configure the firewall to block
unnecessary traffic and to allow only traffic that you configure (per policy below).
Demonstrate (Test) that the firewall is functioning as configured.
Create firewall policy to allow:
The Kali system access to the Internet
o DNS (Port 53 TCP/UDP)
o HTTP (Port 80)
o HTTPS(Port 443)
The Kali system access to Metasploitable
o PING (ICMP)
o HTTP (Port 80)
o HTTPS(Port 443)
Block all other traffic
System Configuration:
Asus ROG Zephyrus G15
Windows 10 Home
40.00 GB RAM
AMD Ryzen 9 5900HS with Radeon Graphics at 3.30 GHz
64-bit Operating System, x64 based processor
1 TB SSD Hard disk drives
pfSense is installed using the files provided + we have booted into it using the hard
drive so now this state can be saved.
Configuring the first IP address which we are going to use in out Kali system to manage
the firewall
Disabling the 2nd adapter to make sure that there are no interfaces that can go directly
to the internet and have to pass through the firewall that we create.
Now looking at the ifconfig to make sure the system is working as intended and the
routes are accurate.
Now when we ping the systems from each other, the Kali system is able to reach the
Metasploitable system, however, the Metasploitable system is unable to reach the Kali
system. We will now look at the firewall to see why that is happening.
We now have the pfsense tool configured by going through the setup process.
We can now see all the admin settings for pfsense and all the different interfaces that
are connected to the firewall
First disabling the existing connections which were allowing the Kali system to access
all of the internet
Now Configuring the different types of connections that we are allowing the Kali system
to make. The above connections are setting up a DNS service and enabling 3
connections which we have specified.
We update the policy to allow the Kali system to ping the Metasploitable system by
creating a new rule.
So now we can ping the Metasploitable system from the Kali system. However, we
cannot do the converse. To do that, we need to add a new rule.
Now we have added a rule in the firewall policy to allow the Metasploitable system to
ping the Kali System
Now we can see that both the systems are able to communicate with each other
through the firewall. This concludes project task 4.