In this lab we go through how to configure pfSense as a next-generation firewall (NGFW) with DNSSEC validation and Suricata IDS/IPS, balancing Confidentiality, Integrity, and Availability.

We are going to try and simulate an SSH brute-force attack from a Kali Linux attacker to an Ubuntu victim, capture the activity in Security Onion, and export detection logs for reporting.