
I had a FortiGate, a couple of FortiSwitches, an untouched Microsoft 365 Premium subscription, and a burning desire to rebuild the entire home lab from scratch.
On the kitchen table lay a napkin full of VLAN plans; in my head, the idea of building a network I could actually trust.
It started innocently. Just “a small re-architecture.”
A week later, I was deploying FortiAuthenticator, Duo, and FortiPAM. And, of course, what's a proper fortress without a screaming, all-flash Nutanix node roaring to life in the basement? So I spun that up too, and threw QRadar CE on it for good measure.
A month later, it started to look suspiciously like a managed SOC.
Welcome to my Zero Trust Home Lab. There is no “internal network” here. Every device must prove it’s not an enemy.
This is the first in a series. And the entire project had to start with the most critical component: Identity. My next post will cover the “why” - the psychological and technical reasons for moving my entire personal domain from free email to a fortified Microsoft 365 Business Premium tenant.