Networking

Showcasing my work in information technology and cybersecurity fields.

Designing a resilient and scalable in-house network demanded more than basic connectivity: it required a layered architecture built around segmentation, security, and dynamic control. To meet those goals, a hybrid infrastructure was implemented using multiple Cisco switches, a dedicated router, and a dual-firewall setup running OPNsense and pfSense, deployed across both bare-metal hardware and virtualized platforms. This was further enhanced with Software-Defined Networking (SDN) capabilities managed through Proxmox VE.

At the core of the physical network sat a series of managed Cisco switches, deployed to separate and prioritize traffic across different zones: production, development, storage, and administrative networks. VLANs were configured to enforce logical separation while still enabling controlled inter-VLAN routing. A high-performance router acted as the central gateway and provided fine-grained control over data flow between subnets, edge devices, and external internet access.

On the security front, both OPNsense and pfSense were integrated into the topology, providing redundant firewall protection and layered security control. These firewalls were deployed on traditional hardware and also virtualized within the Proxmox cluster, allowing for flexible, rapid failover and testing environments. In both forms, they offered deep packet inspection, VPN endpoints, and advanced traffic shaping to ensure performance under load.

One of the most critical features implemented across these firewalls was IDS/IPS (intrusion detection and prevention). Tools like Suricata, running within OPNsense and pfSense, monitored network traffic in real time to detect and block malicious behavior. These systems were updated regularly and configured with alerting mechanisms to ensure prompt response to any anomalies. Running IDS/IPS at the firewalls supported a proactive rather than reactive security posture.
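One way the alerting described above could be tied to the zone layout, as an added example rather than configuration from this build: the script reads Suricata EVE JSON events and reports alerts that were not blocked and are either high severity or cross between internal zones. The subnets, signature names and sample events are constructed assumptions; the page names the zones but not their addressing.

```python
import ipaddress
import json

# Assumed addressing plan: the page names these zones but gives no subnets.
ZONES = {name: ipaddress.ip_network(cidr) for name, cidr in [
    ("production", "10.0.10.0/24"), ("development", "10.0.20.0/24"),
    ("storage", "10.0.30.0/24"), ("administrative", "10.0.40.0/24")]}

# Constructed sample lines in Suricata EVE JSON form (not real traffic).
SAMPLE_EVE = [
    '{"event_type":"alert","src_ip":"10.0.20.15","dest_ip":"10.0.30.5",'
    '"alert":{"action":"allowed","severity":3,"signature":"SAMPLE internal scan"}}',
    '{"event_type":"alert","src_ip":"203.0.113.7","dest_ip":"10.0.10.8",'
    '"alert":{"action":"blocked","severity":1,"signature":"SAMPLE exploit attempt"}}',
    '{"event_type":"alert","src_ip":"198.51.100.9","dest_ip":"10.0.10.8",'
    '"alert":{"action":"allowed","severity":1,"signature":"SAMPLE exploit attempt"}}',
    '{"event_type":"alert","src_ip":"10.0.10.8","dest_ip":"10.0.10.9",'
    '"alert":{"action":"allowed","severity":3,"signature":"SAMPLE policy notice"}}',
    '{"event_type":"alert","src_ip":"10.0.40.2",',  # truncated, e.g. by log rotation
]

def zone_of(ip):
    """Map an address to a zone name; anything outside every zone is 'external'."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "external"
    return next((name for name, net in ZONES.items() if addr in net), "external")

def triage(lines, max_severity=2):
    """Alerts Suricata did not block that are severe (1 = worst) or cross zones."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partial lines rather than abort the run
        alert = event.get("alert", {})
        if event.get("event_type") != "alert":
            continue
        src, dst = zone_of(event.get("src_ip", "")), zone_of(event.get("dest_ip", ""))
        crosses = src != dst and "external" not in (src, dst)
        if alert.get("action") != "blocked" and (
                crosses or alert.get("severity", 3) <= max_severity):
            findings.append((src, dst, alert.get("signature"), alert.get("severity")))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_EVE))
```

An `allowed` action on an alert means Suricata only detected the traffic, so these are the events where prevention did not apply and a person needs to look.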

Virtualizing these firewall systems added a further layer of agility. Running inside Proxmox, they could be snapshotted, rolled back, clustered, and even migrated live, all without touching physical hardware. This hybrid approach provided high availability and made disaster recovery scenarios easier to test and execute. It also allowed for temporary sandbox environments where new rulesets or configurations could be trialed safely.

All of this was tied together with Software-Defined Networking features made available through Proxmox. Using bridges, VLAN-tagged interfaces, and SDN integration, network resources could be dynamically assigned to virtual machines, containers, and firewalls across nodes. This gave a great deal of flexibility: services could shift between physical and virtual networks without downtime, bottlenecks, or manual rewiring.

In the end, this network wasn’t just built to function—it was built to adapt. With Cisco at the hardware layer, Proxmox as the orchestrator, and dual-layer firewalls guarding the gates, the result was a secure, segmented, and software-defined network backbone—ready to handle anything from basic services to advanced AI workloads and sandboxed experiments.