I am new to OPNsense and firewalls in general. I've spent the last month getting up to speed on basics and stabilising my device. I am running 25.7.2 with Zenarmor and Crowdsec. I use NextDNS configuration profiles on my Apple devices. I also use iCloud's private relay feature (a VPN, basically).
After I recently discovered two Mac trojans on one of my hard drives, I am taking the security of my network and devices more seriously. I have played around with different combinations of Zenarmor, iCloud Private Relay, and NextDNS, turning them on and off. When I tested ZenArmor alone for a day, it blocked 104 potentially dangerous sites, of which 17 were malware-related. This makes me reluctant to disable it by using superceding services. I also like the way that Zenarmor helps me visualise the outgoing traffic on my LAN. I find it helpful.
I am currently on the Free version of Zenarmor, but from what I understand, upgrading to the Home version won't allow me to perform deep packet inspection. Given that DNS encryption and VPNs are so useful, should I just write off ZenArmor? I know that NextDNS touts malware protection but the dashboard can't compare with Zenarmor's granularity. Is there possibly some happy medium here?
Hi,
Actually for the full TLS inspection, Zenarmor has SASE Starter license tier for home users. Did you check it?
Quote from: sy on September 12, 2025, 05:51:21 PMHi,
Actually for the full TLS inspection, Zenarmor has SASE Starter license tier for home users. Did you check it?
I can't see that on the website - are you able to link to it so we can take a look?