SOC Network Architecture - pfSense, Wazuh, DMZ
About This Architecture
This architecture pairs a pfSense firewall and DMZ segmentation with Wazuh SIEM monitoring to demonstrate a production-grade security operations center (SOC) network. Traffic flows from the WAN through pfSense (192.168.1.1 gateway, 192.168.2.1 DMZ gateway) into isolated LAN (192.168.1.0/24) and DMZ (192.168.2.0/24) segments, with the Wazuh SIEM Server (192.168.1.10) monitoring the Windows Server Victim (192.168.2.10) for intrusion detection. The architecture enforces least-privilege access, separates critical assets into a DMZ, and provides real-time security visibility, which is essential for detecting lateral movement and attack patterns. Fork this diagram to customize firewall rules, add monitoring agents, or adapt it for your lab environment. Color-coded traffic flows (red for attack, orange for LAN, blue for DMZ, purple for monitoring) make threat scenarios and detection workflows immediately clear.
People also ask
How do I design a SOC network with pfSense firewall, Wazuh SIEM, and DMZ segmentation?
This diagram shows a production-grade SOC architecture where pfSense firewall controls traffic between WAN, LAN (192.168.1.0/24), and DMZ (192.168.2.0/24) segments. Wazuh SIEM Server (192.168.1.10) monitors the Windows Server Victim (192.168.2.10) in the DMZ, detecting attacks and lateral movement. Color-coded traffic flows illustrate attack paths, firewall rules, and monitoring visibility.
- Domain: Security
- Audience: Security architects and SOC engineers designing network segmentation and threat detection labs
Generated by Diagrams.so — AI architecture diagram generator with native Draw.io output.