Let's set up 802.1X authentication on the pfSense 4200 using FreeRADIUS and a Windows Certificate Authority (CA) as part of Zero Trust.

This post outlines how to build a segmented, secure network using pfSense on a Netgate 4200, a budget-friendly managed switch, and VLANs with point-to-point firewall rules. The objective is to use 802.1Q VLAN tagging to create isolated network zones and enforce access control with pfSense’s built-in firewall.

This Zero Trust series starts with core principles, identity, segmentation, and least privilege. I’ll cover real-world tools like pfSense, 802.1X, IPsec, firewalls, smartcards, and certificate-based authentication. We’ll first explore the theory behind Zero Trust, followed by its practical implementation, the fun part. Although the theory is wordy and a bit.... boring, it's important to understand the principles and how they apply to the implementation of the tech.