1
Zenarmor (Sensei) / Re: Block YouTube App
« on: December 21, 2020, 10:56:01 am »
that PIN option sounds amazing !
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
2
French - Français / Re: IDS/IPS en inspection de certificats
« on: December 14, 2020, 08:43:57 pm »
Justement, à partir de l'étape pour le https cela impose d'utiliser un certificat sur les navigateurs. Ce que je ne veux pas.
3
Zenarmor (Sensei) / Re: Sensei throughput cap despite high-performance device
« on: December 14, 2020, 06:55:08 pm »SVN team did some analysis on my router today and:Is that a 7th generation proc ? I have an i5 8th and it seems that i got more physical CPUs.
- confirmed that throughput indeed drops from >900 Mbps to ~250 Mbps when Sensei is on and active
- throughput goes back to >900 Mbps when Sensei is in bypass mode
- disabling the hyperthreading of firewall increased the throughput to ~350 Mbps
My device is one of the new-generation Protectli clones: https://www.aliexpress.com/item/4000803229693.html
i7 CPU with 32 GB ram and 500 GB mSATA
Will post an update once we progress more.
4
Zenarmor (Sensei) / Re: Block YouTube App
« on: December 01, 2020, 03:57:10 pm »In fact they always says it is 3,4 layer. We do not do ssl decryption as well. It's only SNI checking.
QUIC hosts drill down to 74.125.104.75 (Google) and 92.224.0.0/13 (Telefonica).
This Sounds thats sensei app detection only operates on layer 3/4 detection. This is not enough for the real App detection and control used in next Generation Firewalls - as it must operate in upper Layer 5 up to 7. You must examine up to the Layer 7 to fully catch things like Youtube Video streams
5
Zenarmor (Sensei) / Re: SOLVED Resolving hostname
« on: November 18, 2020, 03:10:00 pm »
in System: Settings: Administration
try to tick DNS Rebind Check
try to tick DNS Rebind Check
6
Zenarmor (Sensei) / Re: sensei blocks NFL Gemapss with Ads/Ad Tracker enabled
« on: November 18, 2020, 03:08:23 pm »
go at the top right and click on allow button on any nfl.demdex.net line to allow it and wait the engine reload then try again.
7
French - Français / IDS/IPS en inspection de certificats
« on: November 18, 2020, 02:49:55 pm »
Bonjour à tous, venant d'un Fortigate où il m'était possible d'inspecter les certificats TLS sans déchiffrement, je n'arrive pas à mettre cette configuration en place sur OPNsense. Je vois bien l'option SNI (Log SNI information only
) que je coche mais sans certificat cela ne fonctionne pas.
Des idées ou tutoriels sur lequel je puisse m'appuyer ? Merci.
) que je coche mais sans certificat cela ne fonctionne pas.
Des idées ou tutoriels sur lequel je puisse m'appuyer ? Merci.
8
Zenarmor (Sensei) / Re: Resolving hostname
« on: November 13, 2020, 02:58:54 pm »
Coming back to you as Salih from the support find the problem.
We had to use 192.168.1.3 and not 102.168.1.3/32 for aliases or it won't work.
If that call help ppl..
We had to use 192.168.1.3 and not 102.168.1.3/32 for aliases or it won't work.
If that call help ppl..
9
Zenarmor (Sensei) / Re: Resolving hostname
« on: November 06, 2020, 02:37:04 pm »
Will do it when i'll be back at home. Thanks !
10
Zenarmor (Sensei) / Re: Resolving hostname
« on: November 04, 2020, 12:53:59 pm »
Will try. I didn't use unbound
11
Zenarmor (Sensei) / Re: Resolving hostname
« on: November 03, 2020, 07:28:13 pm »
Yes and i also tick : Use OPNsense Host aliases for DNS enrichment
I put all my hostname in aliases with network and /32 by ip and it's the same.
Actually i use remote (1.1.1.1) dns in Sensei config meanwhile i use local (adguardhome) dns server. I will replace 9.9.9.9 by my local dns and see how it goes.
I put all my hostname in aliases with network and /32 by ip and it's the same.
Actually i use remote (1.1.1.1) dns in Sensei config meanwhile i use local (adguardhome) dns server. I will replace 9.9.9.9 by my local dns and see how it goes.
12
Zenarmor (Sensei) / SOLVED Resolving hostname
« on: November 02, 2020, 10:33:03 am »
Hi there,
I can't find a way to resolve local hostnames.
I can't find a way to resolve local hostnames.
13
Development and Code Review / Re: Open Source DPI Engine - Netify Agent
« on: October 28, 2020, 06:42:37 pm »
I'm too interrested to know about the question above 
14
Zenarmor (Sensei) / Re: suggestion for safesearch
« on: October 25, 2020, 03:58:48 pm »
Great ! I had another question but the answer is on the roadmap :
Policy based Shaping (App, Web category ..) as i used it a lot to priorize voip over www, media or p2p/bulk at home.
Can't wait !
Policy based Shaping (App, Web category ..) as i used it a lot to priorize voip over www, media or p2p/bulk at home.
Can't wait !
15
Zenarmor (Sensei) / suggestion for safesearch
« on: October 24, 2020, 10:34:32 am »
hi there, as i'm coming from Fortinet as i already said, I have some insights and suggestions to improve Sensei even more.
Actually i can't find option to force safesearch for some websites like google,bing,yandex etc..
For instance the big prob actually is if i want to block porn it works but if i want to find porn through yandex.com it works as it's not in safesearch. As i'm testing web filtering for young people i can't actually put opnsense in production.
I know we could do it on dns or hosts file but it could be easier to tick/untick option in web control for instance.
Actually on my adguardhome (dns server) i made dns rewrites. My objective is to concentrate all options on opnsense and drop my dns server.
Does someone knows if it will be added ? Thanks
Actually i can't find option to force safesearch for some websites like google,bing,yandex etc..
For instance the big prob actually is if i want to block porn it works but if i want to find porn through yandex.com it works as it's not in safesearch. As i'm testing web filtering for young people i can't actually put opnsense in production.
I know we could do it on dns or hosts file but it could be easier to tick/untick option in web control for instance.
Actually on my adguardhome (dns server) i made dns rewrites. My objective is to concentrate all options on opnsense and drop my dns server.
Does someone knows if it will be added ? Thanks
Pages: [1] 2