OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: RedeyeAce on April 20, 2021, 01:28:09 pm

Title: Does Sensai play well with others?
Post by: RedeyeAce on April 20, 2021, 01:28:09 pm

Hi Guys,

Background

I have been evaluating differing platforms that my wife and brother can easily administer, and I think that 'Home' could fit our needs. However, after a couple of days, I have come to realise (Whilst chasing problems down) that the Installation instructions and Forum could be tweaked to aid the user experience.

So far, I confess to liking Untangle for it's ease of use; so you can see why Sensai peaks my interest and I think, and hope, that this project is going to get there. I also believe that it could potentially have the edge, given time, for the ability to; install more modules, have more customisation in general, and access to a larger 'tinkerer' community i.e having the best of both worlds.

I like OPNSense as it's slightly easier than PfSense (past user) and also given the partnership with ProofPoint for ET Pro telemetry and now Sensai's central interface.

• Which I assume means that my wife and brother will be able to use the 'Cloud Management Portal' e.g. if a rule goes wrong or to check 'what's wrong' whilst keeping the Firewall fully closed off from the world?

If my wife needs support it needs to be remote as our families are hundred's of miles away.

My Original Assumptions 'D'oh'; due to lack of information

After installing OPNSense, I immediately setup the usual suspects of IDS (with ETPro telemetry) and Unbound. I had a gut feeling not to install web proxy as presumably Sensai would be doing a lot of tinkering with it, so I didn't want another package interfering.

I'm beginning to realise that I had made incorrect assumptions where I thought: If I installed Sensai last, Sensai would check the usual directories, see the databases already in use, append and dedupe; leading to one database instance per function (module), with Sensai then having full control and reporting for DNS, threats etc. I also Assumed that if the user wished for seperation, that they would have to do so by way of seperate instancing of dns / pihole/ etc. somewhere else which in turn provides users with both options.

Purely due to the headaches of chasing things down and seemingly where adding things to whitelists are not working despite checking the format ".domain.com" where normal formatting also failed (in the varying places). I couldn't get my head around firewall aliasing to bypass everything.

Would it be possible to:

• Get a sticky for OPNSense with Sensai 'Handy hints and tips' or 'Read me first'?
• Make it clear that Sensai does not overview everything and any modules added to OPNSense would also require checking should issues arise. This should include the hierachy for white and blacklisting ( I believe Sensai is last?)
• Include what modules can be installed that Sensai can control?
• Include modules can be installed that Sensai can view and report on?
  These modules probably need an inclusion tickbox or something in config for selecting? i.e. information Sensai can 'read only' on these modules and include in the reporting as to which module information was from, to enable better hunting.
• Whether the modules should be installed before or afterward?
• Which modules are common to run alongside in  spite of Sensai not being able to control or view them.
• Consider or change the evaluation period. Realistically and in part due to the below, 7 days is no where near enough time to evaluate the product? 

I get that you could use free for a while then convert, however there are those of us that need the paid features to make an informed choice when comparing the competition. You pretty much have to try the 7 day paid evaluation off the bat. This certainly doesn't allow for new users to OPNSense, nor the chasing down of issues, nor the working out module hierachy.

I personally would like to see the AD Connector included in home or have the option for a modest upgrade to gain the function. Whilst i've not played with AD for a decade, most of us have the capabilities to implement it, or similair. In my case; keeping with the theme of making things easier, it is something I am considering.

Thanks ever so much,
Jon

Title: Re: Does Sensai play well with others?
Post by: mb on April 22, 2021, 02:15:33 am

@RedeyeAce, thanks for taking the time and providing feedback. Much appreciated.

Quote

Which I assume means that my wife and brother will be able to use the 'Cloud Management Portal' e.g. if a rule goes wrong or to check 'what's wrong' whilst keeping the Firewall fully closed off from the world?

Yes, correct. You are able to manage your rules and policies from anywhere. Though, Release 1.9 will be delivering the Policy Management, which was the missing piece in 1.8. 1.9 is scheduled for late this month.

I think you're right. People who are already familiar with OPNsense have a prior background about the plug-in system and how Sensei is fitting into it; but those who are new are likely to have questions.

Recently, two new colleagues have joined the documentation team, so expect more in-depth documentation/guides/howtos. A sticky post, welcoming the new users would be a great idea. We'll go ahead and do that.

The beauty is that Sensei can co-exist with almost all of the other powerful OPNsense tools and plug-ins. The only exception is Suricata, since we're using the same packet interface and only one consumer can run on a single interface. To our experience, Sensei users prefer to deploy Suricata on the WAN side; whereas Sensei on the LAN side to handle this.

As per your suggestion, I think we need to priorize the "Sensei hints and tips guide" a bit; and this will help the new OPNsense users a lot in terms of getting used to Sensei and to make use of the eval period more efficiently.

HOME edition is always on our table; and we are listening to suggestions and exploring new ways to provide Sensei to the whole 'tinkerer' community, which we find very valuable.