Hello everyone,
I use the NGFW Plugin Zenarmor on OPNsense.
I duplicated the default policy and created my own policy:
Security:
Malware/Virus
Phishing
Hacking
Advanced Security
Recent Malware/Phishing/Virus Outbreaks
Botnet
Compromised Website
Spyware and Adware
Keyloggers and Monitoring
And Web Controls:
Block TLS Encrypted Client HELLO (ECH)
On many sites I get the browser error message "Secure Connection Failed".
In the Live Session Log I can see the Block in the App category "Secure Web Browser" or "Malware/Virus"
I don't get the Error Block Message from the Zenarmor Plugin.
Example sites:
https://www.ikkaro.net/
https://linuxvox.com/
https://nmap.org/
I have two problems:
Why don't I get the right Zenarmor error message?
If I browse to sex.de, then I get the Zenarmor Error Block Message by Category Pornography.
Why are so many blocks from the IP 188.144.96.3 or 188.144.97.3?
Best regards
Arthur
Hi Arthur,
When the "Block Notification Page" is enabled, Zenarmor blocks TLS sessions based on the initial DNS request. For this to function correctly, client DNS traffic must be standard UDP on port 53 and pass directly through Zenarmor. Please note that encrypted protocols like DNS over HTTPS (DoH) or DNS over TLS (DoT) are not used on the client side. You can block both in App Controls and Web Controls. For standard HTTP traffic, the landing page will display automatically without specific DNS requirements. Please verify that the client is not using DoH/DoT and that their DNS traffic is being routed through Zenarmor.
Additionally, the following IP addresses have been reported for malicious activity. Please review the details via the links below:
https://www.abuseipdb.com/check/188.114.96.3
https://www.abuseipdb.com/check/188.114.97.3
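An added example, not part of the reply above and not Zenarmor code: one way to check the precondition described there (client DNS as plain UDP on port 53 rather than DoH/DoT) from `tcpdump -nn` text output captured on the LAN interface. The client and firewall addresses, the resolver list and the sample lines are constructed assumptions; it shows only which DNS transport a client uses, not whether Zenarmor inspects that interface.

```python
import re
from collections import Counter

# Assumption: public resolvers that also answer DoH on port 443; extend as needed.
DOH_RESOLVERS = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9"}

# Matches the address part of a `tcpdump -nn` IPv4 line: src.port > dst.port: rest
FLOW = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (.*)")

def classify(line, client, firewall):
    """Return the DNS transport a packet sent by `client` belongs to, or None."""
    m = FLOW.search(line)
    if not m or m.group(1) != client:
        return None
    dst, port, rest = m.group(3), int(m.group(4)), m.group(5)
    is_tcp = rest.startswith("Flags [")  # tcpdump prints a Flags field only for TCP
    if port == 53 and not is_tcp:
        return "udp53-to-firewall" if dst == firewall else "udp53-to-other"
    if port == 53:
        return "tcp53"
    if port == 853:
        return "dot"
    if port == 443 and dst in DOH_RESOLVERS:
        return "doh-candidate"
    return None

def summarize(lines, client, firewall):
    """Count DNS transports; True only if plain UDP/53 to the firewall is all that was seen."""
    counts = Counter(filter(None, (classify(l, client, firewall) for l in lines)))
    only_plain = set(counts) == {"udp53-to-firewall"}
    return dict(counts), only_plain

# Constructed sample capture (not real traffic): client 192.168.1.50, firewall 192.168.1.1
SAMPLE = """\
10:00:01.100000 IP 192.168.1.50.51001 > 192.168.1.1.53: 4660+ A? nmap.org. (26)
10:00:01.120000 IP 192.168.1.1.53 > 192.168.1.50.51001: 4660 1/0/0 A 203.0.113.10 (42)
10:00:02.300000 IP 192.168.1.50.51002 > 1.1.1.1.853: Flags [S], seq 1, win 64240, length 0
10:00:03.500000 IP 192.168.1.50.51003 > 8.8.8.8.443: Flags [S], seq 1, win 64240, length 0
10:00:04.700000 IP 192.168.1.50.51004 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
10:00:05.900000 IP 192.168.1.50.51005 > 9.9.9.9.53: 4661+ A? linuxvox.com. (30)
""".splitlines()

if __name__ == "__main__":
    counts, only_plain = summarize(SAMPLE, "192.168.1.50", "192.168.1.1")
    print(counts, "plain UDP/53 to firewall only:", only_plain)
```

Any count other than `udp53-to-firewall` means that client is resolving names over a path the block notification page cannot rely on.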
The Clients are using the OPNsense as DNS.
How can I see that the traffic goes through the Zenarmor plugin?