Nothing scratches my networking itch like designing a network from the ground up and seeing all the pieces work together (or not work together—troubleshooting is half the fun, right?). So when I got my hands on a Protectli Vault and some Unifi access points, I knew it was time to build out the kind of network security lab I’d always wanted: more configurable than any consumer-grade router and, quite frankly, completely overkill.

The foundation of this lab is pfSense, which acts as my firewall and router. Security is my priority, so setting up real-time Intrusion Detection and Prevention with Snort and building out custom IP blocklists was a must. Setting up pfSense as my internal Certificate Authority was a personal achievement. There’s something satisfying about generating and issuing your own SSL certificates for all your self-hosted services and getting rid of those pesky “This site is insecure” messages.

But it wasn’t just about locking things down locally—I wanted encrypted remote access as well. So I configured Tailscale and, for good measure, OpenVPN. Both play nicely with pfSense and give me secure access to my local network from anywhere.

This whole lab was a sandbox for skills in network segmentation, IDS/IPS best practices, and remote access VPNs. It was a lot of fun to tinker with all the settings and tune my network to behave exactly how I want it to.