Originally, I wrote an article on installing a PfSense VM for a home pentesting lab. However, I am changing the entire virtualization suite we will use. I am migrating to installing VMWare ESXI from start to finish and setting up each machine and a firewall to separate the lab network from your home network.
I’ve shifted gears a bit and wanted to keep it basic to uploading ISO’s, Installing and creating VM’s, a Domain Controller, and a few client machines. I will do a later series, preferably a video tutorial on the PfSense firewall and configuration.
For Windows Evaluation ISO’s go here: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016
For PfSense ISO Download go here: https://www.pfsense.org/download/
So let’s start with installing ESXI:
First download VMWare ESXI by registering and downloading the ISO. Make sure to save your License Key. (URL: https://my.vmware.com/en/web/vmware/evalcenter?p=free-esxi6)
Go ahead and burn this to a DVD or USB and plug it into the machine you wish to install ESXI on.
Once booting up you will see this screen:
Choose the option highlighted in the screenshot above.
In the next step you will have to accept a EULA, and then install process should start as you will see a screen similar to this:
Once this process finishes it will then prompt you to set a ‘root’ password.
*Choose a strong password and save this important information in a safe place!*
It will then ask you to remove the CD/USB and reboot. Go ahead and do so.
When it is done installing you will get a yellow and black screen with a URL on it.
Copy the URL: i.e.: http://192.168.1.10/
Go to another computer and enter that same address into your browser.
This will bring you to a VMWare ESXI Login page, here you will use the ‘root’ username and the password you created earlier during setup.
You will then be greeted with a page similar to this upon your first login:
First thing we need to do is upload our ISO’s to the Datastore. You will do this by first choosing Datastore on the left hand side of the screen. You will then click on the hard drive you wish to upload the ISO’s to and then click “Datastore browser”.
You can then create a directory solely for housing the ISOs of which you will use to install your virtual machines with later in this tutorial. However, for now lets start by clicking “Create directory” choose a name for the folder, then click on the “Upload” button and browse to the ISO’s you wish to upload:
While the ISO’s you selected are uploading, let’s go configure our network adapters for setting up the PfSense VM.
First let’s click on the “networking” tab on the left hand side. Then we will click on the “Virtual Switches” tab at the top and finally click on “Add standard virtual switch”.
For the settings of this switch we will name it “Vswitch1”:
Now we need to add a new port group. You can do this by choosing the “Port groups” tab at the top of the page, then clicking on the “Add port group” button.
We will then configure it as seen in the screenshot below:
Now that we have added the Internal LAN port group and assigned its interface to Vswitch1. We should definitely double check our work.
The virtual switches tab should look like the screenshot below:
And the virtual ports should look like the screenshot below:
Now that we have our virtual switch and network adapters configured, let’s get started on installing the PfSense VM and configuring it to work as a way to segregate our home network and lab network.
Lets start by clicking on “Create/Register VM” on top of the page as shown in the screenshot below:
Next, we will be prompted with a window asking us to specify the Guest OS family and Guest OS version. Choose the settings shown in the screenshot below:
After clicking next, it will then prompt you to choose where you want to install the VM (I chose to use the same datastore VM):
Next, we will have to choose the PfSense ISO we uploaded to our datastore earlier.
Start by clicking on the down arrow next to “CD/DVD Drive 1” and choose the Datastore ISO file option:
The Datastore browser should pop up and you will need to browse to select the PfSense ISO file:
The CD/DVD media should look similar to this screenshot:
Now that we have the correct ISO loaded for the install, we now need to configure our network adapters so that it can talk to the WAN (our home network for internet) and the “Internal LAN” (the network only the Virtual Machines will be assigned to.)
We start by choosing the option to “Add network adapter” at the top of the PfSense VM configuration page:
Make the new network adapter the “Internal LAN”.
Next, we will need to swap these two networks and adapters as shown in the screenshot below:
(I had to do this for the PfSense firewall to work correctly. If your PfSense VM does not work as intended, swap the network adapters again and see if that resolves that issue).
Our configuration is done! Click on save and let’s get started on configuring the PfSense VM.
You should now see the PfSense VM in your ESXI dashboard:
Now we click on “Power on” for the PfSense VM we just made.
(You can click on the window shown in the screenshot above to get a console pop up window so you can interact with the Virtual Machine).
Once it boots up you will be presented with a EULA, accept this:
Now choose the “Install” option for PfSense:
Leave keymap as default:
And finally choose “Auto UFS” for the install option:
It will install and show a progress window. Once this installation is finished you will get a screen asking to reboot:
Go ahead and reboot the VM.
Once it boots back up, you will see it ask if you want to assign VLANS. Type N unless you are going to configure that. (I defaulted to NO on this option)
Now, we will get to a screen where it has a menu to choose options. We will start by choosing option 2 as shown in the screenshot below:
Next, we will enter the IP range for the Internal LAN network. Remember this is the network your virtual machines will belong to.
Once that is done, you should have a screen like this:
Now choose option 5 and reboot the PfSense VM.
You have now configured a Virtual Machine firewall for your ESXI lab.