Hi everybody,
New to the OPNsense platform and so far am really liking it; I came over from Untangle. Digging into the optional packages, I ran into Zenarmor and am intrigued to see if it's worth it as it's for a home network (but only the paranoid survive! 8) ) running OPNsense on a box with an N5105 & 16GB RAM (https://www.aliexpress.com/item/1005004950894114.html).
Right now I have Suricata and ClamAV running, and have a few questions with Zenarmor:
- At this point is ClamAV still useful?
- Will this overtax the box? Probably not, but I do have a wife approval factor to manage.
- Is Suricata still useful if you turn on Zenarmor?
I read that you use Suricata on the WAN interface, Zen on the LAN so at least that's that for the config part.
Thanks for your input!
For home usage, Zenarmor is enough.
Some may be mad, but ClamAV is a low-tier solution. I wouldn't rely on it.
Suricata is an IPS/IDS. Enabling ET rules is great, but to properly function as an IDS, you will need to work with rules and actively analyze logs.
If you have remote stuff, open ports, etc., use it; otherwise, Zenarmor is good enough.