Secure Networking - A Company Network Project on Open-Source

Practice building a company-like network project on GNS3 using Linux nftables firewall cluster, PacketFence NAC, pfSense, strongSwan IPSec, and Wireguard VPN, Learn network security, pentest, Kali Linux, and Wireshark

Secure Networking - A Company Network Project on Open-Source

Choose a Pricing Option

Course Curriculum
(15.5 hours)

  Fundamentals 1: Building up a GNS3 Virtual Lab
Available in days
days after you enroll
  Fundamentals 2: Networking Basics
Available in days
days after you enroll
  Fundamentals 3: Unix-like OS Basics
Available in days
days after you enroll
  Fundamentals 4: Packet Capture Analysis using TCPDump, Wireshark and TShark
Available in days
days after you enroll
  Company Network Project Kickoff
Available in days
days after you enroll
  Adding Open Source Switches (Cumulus Linux)
Available in days
days after you enroll
  Adding 2 Firewall Clusters: Linux nftables (Keepalived VRRP) & pfSense HA (CARP)
Available in days
days after you enroll
  Adding Open Source VPN technologies using Strongswan IPSec, OpenVPN & Wireguard
Available in days
days after you enroll
  Adding Open Source Network Access Control (NAC) using PacketFence
Available in days
days after you enroll
  Adding Two-factor authentication (2FA) to SSH servers in management VLAN
Available in days
days after you enroll
  How secure did we build this network? Let's pentest it!
Available in days
days after you enroll

Course description

When it comes to open-source, the sky is the limit!

In a nutshell, you will build a company-like network with headquarter and branch office on Unix-like OSs and open-source tools, then try to hack its vulnerabilities.

From switches to endpoints, clustered firewalls, servers incl. Network Access Control, shortly NAC server, jumpers, and anything else are all built on a flavor of Linux OS such as openSUSE, AlpineLinux, Debian, Ubuntu, etc., or a Unix-like OS such as FreeBSD.

Network security should be embedded into the nature of the corporate's network and that is what we learn in this course.

We do not care much about vendors and logos, but practical concepts. For example, we dive into Shell commands, TCP/IP and networking fundamental concepts, and core network security principles using open-source, yet industry-proven products.

We aim to teach you how standard networking concepts are "designed" and are also "applied" in work environments.

Why a pure Linux-based network? Besides the fact that Linux runs the world, if you learn the secure networking using Linux, Unix, and open-source tools, you will feel pretty confident about their commercial equivalents. For example, if you learn network firewalling using iptables and nftables, you won't have any issues with Cisco FirePower, FortiGate, or Juniper firewalls.

As said, we are not into vendors, we are interested in standardized theoretical concepts and practical technics. This method will give you a firm conceptual understanding of underlying technologies and ideas about how finished products like Cisco switches, Fortigate Firewalls, Cisco ISE NAC, HPE Aruba, and so on, actually work behind the scene.

In the end, you will run the most common network attacks using Kali Linux against the network you built yourself.

Your Learning Key-Terms:


GNS3 Lab (with Hyper-V & VirtualBox Integration)


OSI Model

Network Topologies

IP Subnetting


Traffic Tagging


NIC Teaming

LAGG (Link Aggregation)

MLAG (Multi-Chassis Link Aggregation)

Bond Modes: Active-Backup, 802.3ad (LACP)


Spanning Tree

Inter-VLAN Routing

Routing & ARP Tables

MAC Flood

IEEE 802.1X & MAB (MAC Address Bypass)

Network Access Control (NAC)

PacketFence (Open Source NAC)

Extensible Authentication Protocol (EAP) (EAPoL)


Linux Open Source Networking

Nvidia Cumulus Linux Switch

openSUSE Linux

Ubuntu Linux

Alpine Linux

Linux Shell Command Line


Netfilter Framework

Packet Filtering



Packet Capture Analysis

Wireshark, TShark, Termshark, and TCPDump

Linux Clustering




Virtual Private Network (VPN)


strongSwan IPSec (swanctl)


pfSense Firewall (FreeBSD)

pfSense Cluster

Next-Gen Firewall

Demilitarized Zone (DMZ)

Ethical Hacking Network Attacks and Technics

SSH BruteForce Attack

MITM with Mac Spoofing Attack

MITM with DHCP Spoofing Attack



DHCP Starvation

DNS Spoofing

Offensive Packet Sniffing

ARP spoofing, ARP cache poisoning attack

Network hacking

Cyber security

Network Hardening Solutions

What you’ll learn

  • Learn network security, open networking & Linux engineering in one tutorial
  • Building up a company-grade segmented network entirely on Unix-like OSs
  • Grasp the full picture of the underlying technologies in network security
  • Project-based learning of firewall clusters on OpenSUSE Linux as well as pfSense
  • Learn about NAC (802.1X, EAP, EAPoL) using PacketFence to reject or accpet clients on switches
  • Networking core fundamentals such as Traffic Tagging using VLANs, Trunking, STP, subnetting, LAG, MLAG, etc.
  • Learn firewall's core functionalities & be able to work with any firewall, no matter what brand
  • Initial to advanced configuration of Nvidia Cumulus Linux switches
  • Learn how head & branch offices securely communicate using IPSec site to site VPN
  • Learn most common network attacks and penetration testing technics
  • Learn underlying cluster technologies e.g. Keepalived & VRRP on Linux
  • Practicing network security by segmentation, compartmentalization, & isolation
  • Learn how to create different VLANs in a company and control their traffic on each other
  • Setting up Linux based DHCP server to serve IP addresses in different VLANs
  • Learn network redundency methods e.g. LACP (802.3ad), balance-rr, balance-xor, etc. on Linux, pfSense and Cumulus switch
  • Learn how to migrate from iptables to nftables
  • Project-based learning of advanced pfSense firewall features
  • Project-based learning of packet capture & analysis using Wireshark, TShark, TermShark & TCPDump
  • Learn about openSUSE, AlpineLinux, Debian, Ubuntu and FreeBSD
  • Implement IPSec VPN on openSUSE using strongSwan
  • Configuring openVPN remote access for home office users
  • Configuring Wireguard remote access for IoT devices (key based authentication)
  • Learn how to harden SSH logins using two-factor authentication (2FA)
  • Learn virtualization using VirtualBox and GNS3
  • Yersinia attack toolkit

Are there any course requirements or prerequisites?

  • No prior programming knowledge required
  • Basic IT & networking skills
  • A virtualization compatible computer
  • Internet connection
  • Passionate curiosity for learning (is a must)

Who this course is for:

  • Computer Students, learners and enthusiasts
  • IT administrators
  • Network engineers
  • Linux engineers
  • Cybersecurity specialists
  • Firewall administrators