Bilal Farah
Email GitHub LinkedIn

Proxmox Enterprise Lab Project

Proxmox pfSense AD VLANs
2025-09-29

← Back to Projects

Proxmox Enterprise Lab preview

Overview

This project was about designing a secure mock enterprise environment using Proxmox as the hypervisor and pfSense as the virtual router. The goal was to practice real-world sysadmin and networking scenarios in a fully virtualized setup. While I have the opportunity to work with similar systems in my current role it's always nice to have a homelab where you don't have to worry about breaking anything.

Key points:

  • Proxmox managed VM provisioning, snapshots, and resources.
  • pfSense handled network segmentation between subnets.
  • Two domain controllers provided redundant AD, DHCP, and DNS.
  • Linux servers hosted internal pages/tools.
  • Windows clients joined to the domain for testing.

Skills Gained

  • Proxmox virtualization: VMs, backups, templates.
  • Redundancy: DHCP & DNS failover.
  • Hardening: Windows/Linux security baselines.
  • Segmentation: VLANs & firewall rules with pfSense.
  • Directory management: OUs and users with PowerShell.
  • Lab design: expandable enterprise-like architecture.

Walkthrough

1. Proxmox Foundation

  • Installed on bare metal with dedicated management NIC.
  • Configured storage pools for VM disks/backups.
  • Created VM templates for Windows/Linux.
  • Used snapshots and clones for repeatability.
  • Secured Proxmox with updates and key-only SSH.

2. pfSense Routing & Segmentation

  • pfSense acted as router with multiple NICs.
  • Subnets for servers, clients, and management.
  • Firewall rules restricted lateral traffic.
  • VPN for remote access.

3. Core Services

  • 2 Domain Controllers: AD, DNS, DHCP, with failover.
  • 2 Linux Servers: hosted test pages, hardened configs.
  • 2 Windows 11 Clients: joined to domain, tested GPOs.

4. Hardening

  • Windows baselines and patching.
  • Linux hardened with SSH keys, firewalls, fail2ban.
  • Proxmox minimized and patched.
  • pfSense rules least-privilege audited.

5. Directory & User Simulation

  • OU structure: IT, HR, Finance, etc.
  • Generated users and groups with PowerShell.
  • Applied GPOs for password policy, drives, banners.
  • Tested logins and domain joins end-to-end.

Closing Thoughts

This lab turned one physical server into a segmented enterprise environment. With Proxmox and pfSense, I simulated real scenarios like DHCP failover, GPO enforcement, hardened server builds and a safe to practice, but realistic enough to mirror production. I plan on expanding this project to include Wazuh. This would give me an opportunity to play around with more security tooling and flesh out the lab.

← Back to Projects