Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - mb

#1
Hi dinguz and cookiemonster

Rest assured. You're not, and will not be forgotten.

I'm Murat, founder and CEO of Zenarmor. dinguz, I know you from the very early days in the forum, so I wanted to reply directly.

I'd like to use this opportunity now to have a hear-to-heart conversation about our Home offering, because home subscription has been one of our hardest balancing acts since day one.

The challenge is to find a fine balance between providing the most value to our valued practitioners at a reasonable price point and also make sure what we're doing here is not hurting our B2B business revenue.

This is a real challenge because we have the privilege of working with such amazing people like you who have such advanced networks that you can only find in sophisticated organizations... homelab networks with 42U racks, active/active hypervisors running Active Directory, Active/Passive Firewalls, file servers, kubernetes clusters.., you name it.

We have done multiple iterations of improvements to the home plan, all based on practitioner feedback. The most recent one was back last year, and it seems to have met with satisfaction at large. On the other hand, I must say although we're explicitly telling the home plan is for non-commercial use, we were surprised to become aware of some large scale deployments of home subscription in some organizations. To that end, on the other hand, for some businesses, home subscription is even very powerful.

Our intention has been and will be not to remove any functionality that is already present in our home and even on our free offering. They're there to stay.

However, I understand that home tier might still be missing some functionality that some power practitioners might expect, or some newly introduced capability might also be useful for them.

Our solution to this is the "SASE Starter" program. It's the extended version of our prior Zenarmor Tinkerer Club (ZTC). Here, we're providing the entire feature-set to you with pricing reduced to home plan pricing. It has all the bells and whistles of our most advanced offering like full TLS inspection, multi-core support, CASB, SWG and even ZTNA. 

Similar to ZTC, it's invite-only and there's a vetting process, but unlike ZTC, inclusion criteria is not limited to SASE experience, but IT/network/security practitioners are eligible to benefit from the program for their personal, non-commercial use. If you are interested, simply reach out to us by sending an email to support - at - zenarmor.com and let us know you would like to be included in the program. There's a quick vetting process, but since you two and also many in this forum are already known to us, it'll be quite fast.

I also want to be clear about how the Home plan fits into our broader direction as a company.

The main trajectory for the company is to continue shipping and improving the industry's first and only ubiquitous, single-stack, single-pass and single-app enterprise network security stack. It's getting more and more recognition in the industry and is introducing a completely novel way to protect modern distributed networks for hybrid organizations.

Regarding the standard Home plan.. Our intention is to keep it, and to keep improving it where we can. That's not because it's a significant part of our revenue — it's a small percentage of it — but because we owe a debt of gratitude to practitioners like you who helped build this product in its early years.

Thank you both for years of pushing us to be better. That's not something we take lightly.

#2
Zenarmor (Sensei) / Re: Home users 3 policy increase?
September 26, 2025, 03:27:21 AM
@Taunt9930,

Thanks for your response & feedback.

We have indeed done several surveys with our existing home users - I was referring to the result of these surveys [1]. About 5% of the respondents had asked for support for multi-gigabit throughputs. Zenarmor's (and OPNsense) home user base is all tech savvy tech professionals who are very specific about their requirements when it comes to home security.

Quick question: You should be able to easily do 900 Mbps even with single-core as of now, with a fairly standard hardware.

Can you tell me a little bit about your hardware?


[1] https://www.zenarmor.com/blog/whats-new-in-zenarmor-home-more-devices-more-policies
#3
Zenarmor (Sensei) / Re: Home users 3 policy increase?
September 25, 2025, 04:34:59 PM
Hello @jlficken,

Glad to hear you're excited about the new 5-policy limit — that one came straight from the majority of requests we've been hearing, so we're happy to make it part of the Home subscription.

On multi-core support: we definitely see the value for power users like yourself, but at the same time it's not something the broader Home community has been asking for, and if we make it too powerful, we start seeing the Home plan misused in business environments (which the license isn't meant for). That's why we've kept the Home subscription balanced for personal use while still growing it step by step.

That said — we do want to support the advanced setups that some of our most passionate users are running. We're considering a SASE Starter tier that would fit more of lab-builder needs.

This isn't ready yet and will likely be invite-only rather than a generally available tier — but if that sounds interesting, feel free to reach out to us directly and we'd be happy to explore it with you.
#4
@mimugmail, thanks for putting this together! Much appreciated.
#5
Hi @aleco,

Any chances you might have "Anonymize IP address" settings enabled in Zenarmor -> Settings -> Privacy?
#6
Zenarmor (Sensei) / Re: New to Zenarmor, what is next
September 20, 2024, 02:11:21 AM
We published a video to serve as a guide for first time ZA users:

https://www.youtube.com/watch?v=xGgG-ki-KvQ&t=300s

Video will start right from the Policy configuration, but feel free to start from the beginning.

Hope this helps as well .

#7
Hi @GuruLee,

OPNsense 24.1 RC1 has the wireguard kernel mode netmap support available. Any chances you can give that a try? Or alternatively you can wait for 24.1 to be generally available.

With OPNsense 24.1 and Zenarmor 1.16.1 and forward, Zenarmor (and Suricata in IPS mode) is able to handle kernel mode wireguard as well.
#8
Zenarmor (Sensei) / Re: Zenarmor packet flow
October 10, 2023, 06:15:14 PM
Hi @Monviech,

That's a very helpful initiative, thanks.

Zenarmor (or Suricata in IPS mode) will be just between Ingress Interface and Scrub; and for the Egress path, it'll be between Traffic Shaping and Egress Interface.

Hope this inforamtion is helpful.
#9
Zenarmor (Sensei) / Re: Zenarmor pages blank
September 24, 2023, 03:05:05 AM
Got it, can you also run below command:


/usr/local/opnsense/mvc/app/library/OPNsense/Zenarmor/CLI.php settimestamp
#10
Zenarmor (Sensei) / Re: Zenarmor pages blank
September 24, 2023, 12:32:40 AM
Hi @gaurhoth,

We've heard this from a few more users and trying to get to the root cause.

In the meantime, a quick question and a workaround:

- Do you also use zenconsole cloud management ?
- If so, can you restart the cloud-agent to see if this resolves your problem? (You can do so either on the console (service senpai restart) or on Zenconsole FW dashboard.
#11
Hey @franco,

Thanks for the heads-up. Yes, it the tun patch is not in 23.7, that must be the reason.

Looking forward to the test kernel; team will go ahead and test it.

WRT wireguad-kmod netmap support, we're working on it to see whether it would be feasible to develop/maintain. We'll reach out to the team once we have some meaningful progress.
#12
That's good to hear indeed. Another reason why we should focus on improving emulated mode.

Let us check this on our lab as well.
#13
Got it, with IPv6+wan tracking interface initialization take a bit more longer because OPNsense tries to re-initialize the WAN interface as well.

Another question: when you use emulated netmap mode, is it better?
#14
Hi JasMan,

When you start/stop zenarmor engine, zenarmor (same with suricata in IPS mode) issues a call to netmap to start/stop inspecting packets for your protected interfaces respectively.

Once this is requested, netmap re-initializes the interface causing down/up events for the particular ethernet interface.

When OPNsense code notices a link down/up event; it tries to re-initialize and refresh interfaces and services.

This is expected. The thing I'm surprised in your case is that it takes so long for things to "calm down".

Quick question: do you have IPv6 enabled in your network or is it just IPv4?

#15
Zenarmor (Sensei) / Re: RAM and CPU
August 05, 2023, 01:57:31 AM
Hi @zzup,

This looks like a pretty decent system.

I can't see how much in there in ARC memory; but I'm guessing High RAM usage might be due to ZFS ARC cache. When there's available memory, ZFS will want to use it for caching. If it sees that some neighbor processors might need extra memory, it should happily return back some of the ARC memory.

More on this: https://wiki.freebsd.org/ZFSTuningGuide