Messages - SonicJoe

#1
You must be the support person who has my case, since I didn't supply any IPs here in the forum. I responded to your E-mail. Curl fails due to the self-signed cert, but I provided you screenshots of the GUI showing that Zenarmor confirms it can connect and check the indices, as well as a screenshot of the Elasticsearch DB using Elasticvue that shows all the indices were created by Zenarmor, so it must be able to connect.

Also, and I will add this to the ticket, I just tried removing the certificate and making the connection as HTTP instead of HTTPS, but I have the same issue. Here's the output of the curl command when switching to HTTP:


curl -XGET http://192.168.20.50:30003
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","ApiKey"]}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","ApiKey"]}},"status":401}

So that rules out a certificate issue.
#2
I've been running Zenarmor on a Protectli 4B for about 7 months or so without issues (Home license). Due to the low amount of resources, I use a remote Elasticsearch DB. Within the last month I have hit a strange issue. Suddenly there is no data in my reporting database. Zenarmor is working. Blocks are being applied based on policies. I can confirm this by disabling or modifying policies and seeing that things work or don't. I believe everything was working fine on OPNsense 23.1.9. I haven't made any changes in a long time, other than updates. I ended up skipping 23.1.10 because it came out just before I went away on vacation, and by the time I came back and was settled, 23.1.11 was out. Somewhere in there a Zenarmor update occurred too.

Things I have tried:

1) Zenarmor -> Configuration -> Reporting and Data -> Perform Index Check, result = "Everything looks good"
2) Try "Reset Reporting", result = "You cannot hard reset for remote database"
3) Try "Erase Reporting Data", result same as above
4) Create a brand new Elasticsearch DB, point Zenarmor at that, result = I see the Zenarmor indices created in the DB, and performing an index check still results in "Everything looks good", but no data shows up in reports
5) Factory reset Zenarmor, result = odd errors, packet engine won't start
6) Full uninstall/reinstall of Zenarmor, result = Zenarmor working again, but reporting issue persists
7) Reboot FW as a sanity check, result = no change, issue persists

I'm completely at a loss, so... any ideas? I did send logs to support but other than them asking if I tried "Reset Reporting" I haven't heard back.
#3
Fixed it, or at least it appears fixed. I tested this morning before my last reply and I was still having the issue. I then ran a Health Audit and now the "Save" button is active again. Whew! Not sure what went wrong, and not sure how it got "fixed" since I don't think the Health Audit actually makes any changes, but glad it's working again. I really didn't want to reinstall.
#4
Good questions, but there have been no changes on my PC end and it was working fine before the upgrade. Also, I forgot to mention, but it's not EVERY page with a "Save" button. I haven't gone through them all, but (for instance) the "Save" button on the "Logging" page is enabled and does let me click it. If I go to System -> Settings -> Tunables and add or edit there, the "Save" button is enabled. It's almost like something is messed up in the permissions somewhere if I had to guess, and so certain pages are read-only.
#5
So I upgraded from 21.7.8 to 22.1 tonight. After the upgrade I wanted to log in to the CLI via SSH, but I keep SSH disabled and only enable it as needed. When I go to the System -> Settings -> Administration page, the "Save" button at the bottom is grayed out. No matter what I do on that page, I cannot save. I tried both with "root" and with my secondary admin account. I also have the same issue on the System -> Settings -> General page, so I cannot change my theme, DNS, or hostname (not that I'm looking to, but it's not available if I need to). I can enable and disable firewall rules, but I tried adding a new one and I have the same issue on the new firewall rule configuration page: the "Save" button at the bottom is grayed out and not responding to clicks.

Is there anything I can do to fix this so that I can make changes again? Or am I going to have to roll back?

(FYI - Luckily I keep Serial enabled, so I was able to access the CLI that way and take care of things. My issue is the inability to save changes in the GUI)