Implementation of Multihomed Firewall Based on IDS and DMZ Technology Using PfSense
DOI:
https://doi.org/10.59934/jaiea.v4i3.1028
Keywords:
Network Security, Multihomed Firewall, Pfsense, IDS, DMZ.
Abstract
As cyberattacks increase, it is necessary to strengthen network defense mechanisms. This research aims to design and implement a multihomed firewall system using pfSense, enhanced with a Demilitarized Zone (DMZ) and the Suricata Intrusion Detection System (IDS), to strengthen network security. The research uses a simulation-based experimental method in a virtualized environment, using VMware with three main network segments: WAN, LAN, and DMZ. Firewall rules are configured to segment traffic and enforce strict access control, while Suricata is integrated with the Emerging Threats Open (ET Open) ruleset to detect known attack patterns in real time. Various attack scenarios, including DoS, port scanning, and common brute force, were used to test the system. Log analysis showed that the firewall successfully blocked unauthorized access attempts and effectively segmented the network, while the IDS generated accurate alerts with minimal false positives. These results confirm that integrating pfSense, DMZ, and Suricata IDS provides a complex and responsive network defense strategy suitable for academic and medium-sized enterprise environments.
Copyright (c) 2025 Journal of Artificial Intelligence and Engineering Applications (JAIEA)

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.