Messages

1

General Discussion / Re: Move to 14.1?

« on: May 13, 2024, 12:37:31 am »

Would there be any possibility of moving toward 14.1 this summer?

I genuinely hope NOT! This is supposed to be a security platform, not a bleeding edge / use fresh untested code platform.

I mean, they can do what they want of course, but I definitely would not install the 24.7 release if it is FreeBSD 14.1 based. Too new for my tastes.

2

24.1 Legacy Series / Re: Slow download speed compared to directly connected to modem

« on: March 05, 2024, 08:35:50 pm »

Not from me, no. Sorry. I would get physical hardware.

3

24.1 Legacy Series / Re: Slow download speed compared to directly connected to modem

« on: March 05, 2024, 05:59:23 pm »

Ideas....


1. Running your perimeter security device in a VM is a very poor security practice.
2. If you must run in a VM, review what virtual hardware devices you are using in the VM for the NICs. You may have chosen a high compatibility, but lower performance, option. Paravirtualized is typically higher performance than Intel or VMware options in Proxmox.
3. Review CPU and memory configuration of the VM. Increased throughput usually required some amount of increased CPU.
4. Review what the hardware NICs you have in the host. Maybe that is all the throughput they can handle when used in a virtualized environment, not that uncommon with Realtek NICs (although that is a lot less true today than it used to be in the past).

4

23.7 Legacy Series / Re: Enable registration of DHCP client names in DNS

« on: September 18, 2023, 05:24:54 pm »

When using unboud - the default DNS server - you just ensure the following check boxes are checked in Unbound DNS -> General:

Register DHCP Leases
and
Register DHCP Static Mappings

If not using unbound I wouldn't know.

5

22.7 Legacy Series / Re: How to control the interface bandwidth usage evenly on egress and ingress

« on: August 11, 2022, 07:04:50 pm »

I guess I don't understand the use case...

Is your interface half duplex? If not, the ingress and egress bandwidth are independent of each other, and what you are trying to do wouldn't make sense?

6

22.7 Legacy Series / Re: None of my VLAN interfaces are working after upgrade to 22.7

« on: August 08, 2022, 04:01:06 am »

but now I plan to abandon OPNsense after this debacle as it appears quality control is nonexsistent or lazy

No worries. Good luck on whatever other system you choose.

I would rollback to a version prior to 22.7

I would give different advice, and I think it applies to all software in general: never install v1 of a new release chain on a production system - wait for the 1st point release... AKA if 22.7 didn't have something you needed immediately, it would be better to wait for 22.7.x release, or test offline 1st...

7

Zenarmor (Sensei) / Re: Monitoring parent plus only SOME child vlans

« on: February 19, 2022, 04:46:57 pm »

I forgot about that!

The vlan exclusion option doesn't show up at all on the configuration screen when on the free version, and I hadn't installed my license yet after the rebuild.

I'll go install my license and exclude the VLANs I want to ignore. Duh on me.

Thanks!

EDIT: Installed my license, and excluded the unwanted VLANs. Thanks again.

8

Zenarmor (Sensei) / Monitoring parent plus only SOME child vlans

« on: February 19, 2022, 04:22:48 pm »

I changed around my hardware when moving to 22.1.

Now I have 1 10Gb connection.

LAN - untagged/parent interface
IoT1 - vlan2
IoT2 - vlan3
...

I only want to monitor LAN and IoT1 in Sensei (purely to work around the Sensei device count license restrictions).

Is there away to monitor the parent and EXCLUDE/NOT MONITOR some of the child vlans? Or is it always going to count devices on all child vlans no matter what if you incluide the parent?

If the latter, I will definitely go above 100 devices due to many devices on my IoT2 vlan.

9

Zenarmor (Sensei) / Re: Number of Policies for Home license

« on: October 16, 2021, 06:07:52 pm »

Very true!

$559/yr 100 device SOHO vs $99/yr HOME license is a big leap for just 2 more policies though (at least for this home user)... And $1361/yr for a BUSINESS 100 device license is even further out of reach.

But you are right that they do have other offerings with more capabilities.

It's a great product, and the quality of data categorization is very good based on my review of the data over the past year, I just want to be able to use it MORE as a home user.

10

Zenarmor (Sensei) / Number of Policies for Home license

« on: October 16, 2021, 04:08:09 pm »

My subscription ends 11/28, so I thought I would ask one last time...

Are there any plans on adding more policies for the Home license?

If not, then I won't renew. With a main, guest, and IoT vlan + adult vs kid policy needs, I simply can't do what I need in only 3 policies. I expect many other home users that separate IoT, main, and Guest traffic are in the same situation.

Thanks,
Jason

11

Zenarmor (Sensei) / Re: Zenarmor 1.10 MAC address exemption?

« on: October 16, 2021, 04:01:30 pm »

- a few more policies for the home subscription, to make your average network security admin happy, who's coming home from working with Checkpoint and Cisco. This way we could cover the basics, with a policy each for guest, IoT, kids and parents. Plus one or two to experiment with.

This times 1000. ZenArmor identifying traffic is next to useless if you can't actually use that introspection to DO SOMETHING. And with only 3 policies available, you can't do much of anything if you have a main,  guest, and IoT VLAN - which many people do these days...

Throw in kids vs adult policy needs and you definitely can't do what you need in 3 policies... This is 100% a deal breaker/will not renew my subscription issue for me. So I guess after 11/28 you won't have to put up with my complaining any more.

12

Zenarmor (Sensei) / Re: Is the free version really worth it ?

« on: August 28, 2021, 11:40:43 pm »

Reporting is better, and it is much easier to setup/maintain as you don't have to micromanage a bunch of lists and FW rules.

If you are OK with existing reporting, and don't mind manually setting up a bunch of lists and keeping them up to date, then that's cool too.

But I will point out that if you want really granular filtering (not just identification/reporting), you can't use Sensei anyway as you only get 3 profiles with the PAID version - default + 2 custom. So if you have >3 "groups" of things to filter with different rules you can't do it in Sensei anyway...

13

Zenarmor (Sensei) / Re: Device count

« on: August 10, 2021, 03:50:04 pm »

It kind of doesn't matter to me any more. Unless they give us the ability to make more profiles, I couldn't actually do anything useful with more devices in Sensei anyway.

Them being in there is great.... But if I can't make the right policies to do something with them, it is a bit meaningless to me.

14

Zenarmor (Sensei) / Re: Number of Policies

« on: June 09, 2021, 11:44:30 pm »

As I literally can't filter/control everything the way I need to, this issue will likely be the one that makes me not renew once my year is up.

It's a cool service, but probably isn't going to meet my (or many other home users in this 'enthusiast' category) needs without a few tweaks. So hopefully that happens. Otherwise I'll vote with my wallet and happily move on to something else.

And with no hard feelings, obviously. No product can be everything to everyone, so if it isn't in their business model to give more policies - I can respect that.

15

Zenarmor (Sensei) / Re: Number of Policies

« on: June 03, 2021, 10:38:03 pm »

Sure it can - just not with the current license restrictions. The limit of 3 policies on the "Home" license was just something they picked - not a technical limitation.

I'm just asking that they consider increasing this to something higher, like 5.

EDIT: And since the scope/applicability on the default policy can't be changed, there are really only TWO policies that can be fully customized, which kind of stinks.