Hi, I have an isolated nested lab. Inside this lab, I want to block all ports except allowing the Internet to come in. I don't really know how to achieve this. Someone suggested I try m0n0wall, but that appliance requires 128 GB of RAM and only runs inside memory, so that's not going to work for me. I would like to use pfSense, but that is a little over my head and complex. I might try OPNsense, but I don't have anyone to bounce questions off of. There's gotta be a user-friendly way to make this happen.
Is there an easy appliance I can use as, say, the gateway in that nested environment, where I can block all ports except Internet? I imagine for Internet, I'd just allow 80 and 443, is that right? Also, would I set this appliance as the gateway for all my ESXi hosts and VMs?
I currently have Windows Server 2016 as the DC, DNS, and so forth. Could I achieve this simply through the DC?
Any help would be appreciated. I thank you in advance. Very eager to try to get this setup working. An isolated lab where I can have Internet, but not really have to worry about much else.
Thanks!