Hardening Edge Infrastructure: pfSense & VLAN Segmentation

VLAN 10 (Management): Isolated for primary workstations.
VLAN 20 (Lab): Where the &ldquo;vulnerable&rdquo; targets live.
VLAN 30 (Red): Dedicated for C2 traffic and egress testing.

To maintain OPSEC and isolate exploit testing, I’ve implemented a multi-VLAN structure.

Rules are configured on a Deny-by-Default basis. Only specific ports are mirrored to the IDS for traffic analysis.