Hands-On Lab: Enterprise Class Networking with pfSense

Level 300

Published 2017-05-19




You have been asked by Woodgrove Financial Services to provision a proof of concept deployment that will be used by the Woodgrove team to gain familiarity with a complex virtual networking deployment, including all the components that enable the solution. 

Prerequisites

  • Microsoft Azure Subscription: http://azure.microsoft.com/en-us/pricing/free-trial/
  • To carry out this lab, you must have a working Azure subscription without a spending cap so that you can deploy the pfSense firewall from the Azure Marketplace.

Lab Objectives

  • Gain the ability to bypass system routing to accomplish custom routing scenarios
  • Leverage the Azure load balancer to distribute load and ensure service availability
  • Implement a partner firewall solution to control traffic flow based on policies

Lab Guide

Exercise 1: Environment Setup

In this exercise, you will create a VM that will be used for executing this lab.

Exercise 2: Create a virtual network and provision subnets

In this exercise, you will create a virtual network and provision its subnets.

Exercise 3: Create route tables with required routes

In this exercise, you will create route tables to route traffic using rules other than the system-provided default routes.

Exercise 4: Create n-tier application and validate functionality

In this exercise, we will provision the Cloud Shop application. This application has a web tier and a data tier.

Exercise 5: Build the management station

Management of the Azure-based systems will only be available from a management ‘jump box.’ In this exercise, you will provision this server.

Exercise 6: Provision and configure partner firewall solution

In this exercise, you will provision and configure a pfSense firewall appliance in Azure. This appliance is offered as a ‘Free Trial,’ and deployments with only a single CPU core are free. Our deployment will use a single CPU core. However, ‘Free Trials’ in Azure require that your subscription does not have a spending cap in place and that a credit card is associated with your subscription. The first task within this exercise walks through removing a spending cap and associating a credit card with the subscription. If your subscription already has no spending cap and has a credit card associated with it, you can skip that first task.

Exercise 7: Configure the firewall to control traffic flow

In this exercise, you will configure the firewall appliance to allow the necessary traffic to flow.

Exercise 8: Configure site-to-site connectivity

In this exercise, we will simulate an on-premises connection to the internal web application. To do this, we will first set up another virtual network in a separate Azure region. Then we will connect the two virtual networks via a site-to-site connection. Finally, we will set up a virtual machine in the new virtual network to simulate on-premises connectivity to the internal load balancer.

Exercise 9: Validate connectivity from ‘on-premises’ to Azure

In this exercise, you will validate connectivity from your simulated on-premises environment to Azure.

Exercise 10: Free Resources in your Subscription

In this exercise, you will delete the resource groups for the resources you created in this lab. This will delete all the artifacts created in Azure for this lab.