OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: almodovaris on October 05, 2020, 06:29:10 pm

Title: Device count
Post by: almodovaris on October 05, 2020, 06:29:10 pm
Sensei says I have 19 devices, but that is cheating, since it also counts the devices which aren't protected by Sensei.
Title: Re: Device count
Post by: mb on October 05, 2020, 07:23:59 pm
Hi @almadovaris,

I think this comment is related to premium licensing.

Sensei counts the number of devices that are present in the network in a day. 

Technically speaking, we can -only- count a device if that device somehow communicated with the gateway/firewall - thus Sensei.
This way, Sensei is able know its presence and report it through the reports.

For licensing purposes, only IPv4 addresses are counted; so dual stack hosts are not counted twice.

We do not intend to "cheat" in any way. Please reach out to the team via "Contact us" menu located in the upper right hand corner of the UI and team will follow up with you to check.
Title: Re: Device count
Post by: almodovaris on October 05, 2020, 11:43:11 pm
Perhaps I should have added that it didn't stop working. It says it freely protects up to 15 devices and the mentioned 19 devices are a rather cosmetic bug. Anyway it should count each protected MAC address. I don't think anyone uses the same MAC twice since that is asking for trouble.
Title: Re: Device count
Post by: hushcoden on October 06, 2020, 12:57:46 pm
I'm currently using the free version and I can't see where Sensei is counting my devices: is that a feature for the premium only?
Title: Re: Device count
Post by: athurdent on October 06, 2020, 06:56:49 pm
I'm currently using the free version and I can't see where Sensei is counting my devices: is that a feature for the premium only?

E.g. the dashboard widget will show the number of unique devices, or the dialogue after pressing the upgrade button.
Title: Re: Device count
Post by: JasonJoel on November 29, 2020, 03:44:26 pm
We do not intend to "cheat" in any way. Please reach out to the team via "Contact us" menu located in the upper right hand corner of the UI and team will follow up with you to check.

I have a similar concern. I have a home premium subscription. I am only protecting a couple of networks on my firewall - not all (I have my IoT network excluded as I'm sure that would put me over 100 devices). The interfaces I'm protecting have maybe 40 devices max. But my count shows a very high number - presumably from the interfaces I'm not protecting.

Since my count is over 100 total, what is sensei going to actually do?

Here are my stats:
Active Users: 0
Unique Local Devices: 101
Unique Local Ip Address: 112
Unique Remote Ip Address: 3071
Title: Re: Device count
Post by: the-mk on November 29, 2020, 05:01:14 pm
do you have port forwarding in place? i.e. sending 80 or 443 from WAN to some internal device?
Title: Re: Device count
Post by: JasonJoel on November 29, 2020, 05:03:45 pm
I do, for wireguard. For that I had to forward UDP/51820 from WAN to LAN.
Title: Re: Device count
Post by: Koldnitz on November 29, 2020, 05:09:21 pm
I have also been wondering about device counts.

After Sensei began working with OpenVPN, my device count has went through the roof.

Before 1.6.1, I would have 30 to 40 unique devices, now, with the OpenVPN support, it says I have anywhere from 300 to 700+ unique local devices.

Hi @jh,

Internal memory buffers are adjusted according to IPv4 hosts. You don't need worry about IPv6 addresses.

Unique Local Hosts include both IPv4 and IPv6 addresses. If you want to see only IPv4 addresses, add a "Transport Proto" filter (Add Filter button on the top of Reports page) as TCP. Then the number of unique hosts value shows your actual device count.

We're updating Conn - Facts information to better show this information. With 1.3, you'll also have "Unique Local Devices" information.

So, for your Home Subscription, we had set it to 50 for providing a peace of mind; so it should be enough for Home use. If in any case, number of devices exceeds this, provided that it's not sustained, it should not cause a problem.

I get same amount when I use the mb's recommended way to calculate devices (above).  Please also note this was from before they adjusted home user's cap to 100 devices.

I believe Sensei is now counting the devices I am communicating with over OpenVPN as on my network.

I have never received any notice from Sunny Valley Networks about this, but I would be lying if I said I was not worried about it.

I like the home subscription and have no issue being way below its cap with the actual devices on my home network.
Title: Re: Device count
Post by: almodovaris on December 03, 2020, 04:51:08 am
Yup, I saw weird stuff like public IPs considered as local hosts. I have to admit that now that seems to be gone.

Perhaps your routing is misconfigured?
Title: Re: Device count
Post by: mb on December 04, 2020, 07:07:48 pm
@JasonJoel, you should be fine 10%-15% excessive use if that's not in a sustained fashion.

I guess if you're protecting openvpn "server" instances, this is has a potential implication with regard to Sensei detecting the "local device"

Can people experiencing this problem confirm if they have openvpn server or openvpn client instances?
Title: Re: Device count
Post by: JasonJoel on December 04, 2020, 08:03:25 pm
Thanks.

I have an OpenVPN server setup that I use to connect to my home network when I am away. There are only 2 users/devices setup to connect to the system.

Another question - is there any way to protect only SOME devices on a LAN/subnet, and not have all the ones you don't care about get counted in the licensing? I can think of application for this on IoT networks for sure where I may not care about a XBOX/PlayStation but may care about some limited number of VMs/general purpose computing devices.
Title: Re: Device count
Post by: Koldnitz on December 06, 2020, 07:00:55 pm
Mb,

I am using OpenVPN client.  I have 2 instances (load balancing) and I force a specific subset of IP addresses through them.  One of the IP addresses has a bittorent client.

The number of clients Sensei claims are on my network only balooned after netmap was able to work with OpenVPN.

If I remove my OpenVPN instances from protected interfaces, then filter protocol = TCP and set report for 15 minutes I actually get 17 devices.  I believe in reality I have somewhere between 30 and 40 devices on my network.

There is no way I have the 400 to 700 devices that Sensei has been showing ever since I was able to protect the OpenVPN interfaces.

I believe this is an interaction between Bittorrent and Sensei.

If need be I can easily not protect OpenVPN interfaces.

My main concern is you guys notice how many devices are showing on my network and ban me from using the home version of this product.

Cheers,
Title: Re: Device count
Post by: almodovaris on December 07, 2020, 12:40:09 am
Well, I did it this way: I did not protect OPT2 (ovpnc1), but I protected OPT1 (igb2). And I have fixed all routing issues. Since then, the number of devices reported by Sensei got back to normal.
Title: Re: Device count
Post by: mb on December 07, 2020, 06:20:47 am
@almadovaris, thanks for the update, noted.

@Koldnitz, got it. Don't worry about it, if that happens, drop us a ticket and we'll take care of the situation :)

Initial packet direction (egress or ingress) is important while Sensei is deciding on which end of the connection is actually local. We have also came accross some few cases where for some UDP flows the initial packet is arriving from WAN side. I guess this situation is elavated in the VPN scenario. Still investigating this. Will post an update once we have further information.

We are working on Device Identification & Automatic Asset Discovery these days. I believe this will also improve the situation here.

@JasonJoel, unfortunately, there's not an easy way to do this at the moment. However, after the device identification feature, it is possible that we'll also revisit this.
Title: Re: Device count
Post by: almodovaris on January 16, 2021, 05:58:45 pm
And, yes, I have found something: same computer, four operating systems, is shown as three devices:

Windows 10 computer name 1
Windows 10 computer name 2
Arch Linux and Windows PE boot stick (two operating systems seen as one device).
Title: Re: Device count
Post by: JasonJoel on January 22, 2021, 02:52:25 pm
I'm still struggling to see how I'm going to use Sensei in my home network environment with the 100 device limit.

I have ~80 IoT devices on their own VLAN. Some of these devices I DO want to protect, some I don't. Without the ability to exclude some assets in that VLAN from monitoring, I can't monitor anything on that VLAN without going over on device count.

I have ~9 more months on my subscription, but without either a higher device limit or a way to control what gets monitored/vs not monitored in Sensei I doubt I'll be renewing as I simply am not getting the full benefit out of it.
Title: Re: Device count
Post by: andrwhmmr on August 10, 2021, 03:46:35 pm
I'm still struggling to see how I'm going to use Sensei in my home network environment with the 100 device limit.
....

I second that. 100 Devices is laughably low considering even fridges have IP Adresses now...
And worst of all is the documentation just says "you may experience some performance loss..." what? can you please be a little more specific?

I am really confused.
Title: Re: Device count
Post by: JasonJoel on August 10, 2021, 03:50:04 pm
It kind of doesn't matter to me any more. Unless they give us the ability to make more profiles, I couldn't actually do anything useful with more devices in Sensei anyway.

Them being in there is great.... But if I can't make the right policies to do something with them, it is a bit meaningless to me.
Title: Re: Device count
Post by: andrwhmmr on August 12, 2021, 11:36:31 am
After a bit more digging, I guess it has to do with the backend mongodb or elastic database.
This is what they mean with performance loss, I guess this will be the limiting factor...
So I will give it a shot  :D
Title: Re: Device count
Post by: fabianodelg on August 13, 2021, 08:35:48 pm
Hi,

give it a shot. If you can, use an elasticsearch instance separated from your firewall; if not, and depending on the spec of your FW, use a local MongoDB instance -maybe with the cache optimization I was suggesting in this forum-.

It is defintely worth it, the amount of Intel you will get from Sensei (and the clarity) is beyond anything you can imagine.

Best wishes
Title: Re: Device count
Post by: hushcoden on August 15, 2021, 01:40:54 pm
If you can, use an elasticsearch instance separated from your firewall;
I noticed there is an Elasticsearch plugin provided by mimugmail: would this work with Sensei ?

Tia.
Title: Re: Device count
Post by: fabianodelg on August 16, 2021, 11:02:07 pm
Hi, there's no need of any plugin: if you have an elasticsearch instance available, Sensei will give you (during the installation process) to use that instead of MongoDB.

Hope this help...

Best wishes!