pfSense (HomeLab)

pfSense Home Network Firewall & Infrastructure Upgrade

I implemented a pfSense-based firewall to replace my ISP-provided router in order to improve the security, visibility, and control of my home network while gaining hands-on experience aligned with the CompTIA Network+ objectives. pfSense was installed on a Qotom Q310P with dedicated WAN and LAN interfaces, positioned between the ISP’s MikroTik router (now a glorified PoE injector) and a Cisco Catalyst 2960 switch. The firewall was configured to handle routing, DHCP, NAT, and firewall rules, and additional services such as Snort (IDS/IPS), pfBlockerNG, and ntopng were deployed to enhance network security and traffic monitoring. Wireless connectivity was provided by a TP-Link Archer AX4400 configured in access point mode.

During deployment, wireless clients retained internet access, but the access point became unreachable through both local web management and cloud-based mobile management. I diagnosed the issue by analyzing DHCP leases, gateway configuration, and Layer 2/Layer 3 behavior, identifying that the access point retained outdated IP settings after the firewall replacement. Resetting and re-adopting the access point allowed it to obtain a new IP address from pfSense, restoring full management access. The final configuration included static management IPs for infrastructure devices and a corrected default gateway on the switch, resulting in a stable, secure, and scalable network foundation with planned future expansion into VLAN segmentation.
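
The failure mode above can be checked for before a cutover: an access point in bridge mode keeps forwarding client traffic at Layer 2 even when its own management address no longer fits the LAN. The following is an added example, not part of the original write-up; the function name, device names, and all addresses are constructed for illustration.

```python
import ipaddress

def audit_mgmt(devices, lan_cidr, firewall_ip):
    """Return {device: [problems]} for management settings that do not fit the LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    fw = ipaddress.ip_address(firewall_ip)
    report = {}
    for name, cfg in devices.items():
        iface = ipaddress.ip_interface(cfg["ip"])
        problems = []
        # A stale static address leaves the device unreachable for management,
        # even though bridged client traffic still passes through it.
        if iface.ip not in lan:
            problems.append("management IP outside LAN subnet")
        elif iface.network != lan:
            problems.append("subnet mask differs from LAN")
        gw = cfg.get("gateway")
        if not gw:
            problems.append("no default gateway")
        else:
            gw = ipaddress.ip_address(gw)
            if gw != fw:
                problems.append("default gateway is not the firewall")
            if gw not in iface.network:
                problems.append("default gateway not on-link")
        if problems:
            report[name] = problems
    return report

# Constructed sample values (assumptions, not taken from the write-up).
LAN_CIDR = "192.168.1.0/24"
FIREWALL_IP = "192.168.1.1"
DEVICES = {
    # AP still holding the address it had behind the old router
    "ap-stale": {"ip": "192.168.88.10/24", "gateway": "192.168.88.1"},
    # switch readdressed, but default gateway still points at the old router
    "switch-before": {"ip": "192.168.1.2/24", "gateway": "192.168.88.1"},
    # switch after the gateway was corrected
    "switch-after": {"ip": "192.168.1.2/24", "gateway": "192.168.1.1"},
}

if __name__ == "__main__":
    for device, problems in audit_mgmt(DEVICES, LAN_CIDR, FIREWALL_IP).items():
        print(f"{device}: {'; '.join(problems)}")
```
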