1
Zenarmor (Sensei) / Re: Zenarmor 1.18 higer idle cpu load
« on: Today at 09:47:46 am »
I rebooted the appliance again, and it now seems to be running normal again. I'll see how it behaves.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Zenarmor (Sensei) / Re: Zenarmor 1.18 higer idle cpu load
« on: Today at 09:31:23 am »
ipdrstreamer (uses op around 42%)
eastpect: Eastpect Instance 1
eastpect: Eastpect Instance 0
must be something wrong with the reports. When I click on Zenarmor, reports, I get "No connections have been recognized for the last 30 minutes", which is unlikely
eastpect: Eastpect Instance 1
eastpect: Eastpect Instance 0
must be something wrong with the reports. When I click on Zenarmor, reports, I get "No connections have been recognized for the last 30 minutes", which is unlikely
3
Zenarmor (Sensei) / Re: Zenarmor 1.18 higer idle cpu load
« on: November 24, 2024, 08:10:54 am »
I have the same issue. Upgrade last Friday (around noon) to 1.18.3, and idle CPU has almost doubled !
It is clearly showing in LibreNMS metrics. I have rebooted the firewall, but to no avail.
It is clearly showing in LibreNMS metrics. I have rebooted the firewall, but to no avail.
4
General Discussion / Re: Does NTOPNG itself scan networks and/or hosts ?
« on: September 14, 2024, 10:31:07 am »
You'll need NGFW features for that, such as the ZenArmor integration that allows for Application Control.
https://www.zenarmor.com/docs/policies/application-control-rules
It'll keep track of the Youtube set of dynamic external IP addresses and will allow for the application type to be recognized as Youtube traffic.
https://www.zenarmor.com/docs/opnsense
https://www.zenarmor.com/docs/policies/application-control-rules
It'll keep track of the Youtube set of dynamic external IP addresses and will allow for the application type to be recognized as Youtube traffic.
https://www.zenarmor.com/docs/opnsense
5
General Discussion / Does NTOPNG itself scan networks and/or hosts ?
« on: September 12, 2024, 08:55:22 am »
I have installed ntopng on my opnsense and was looking at network connectivity inside my IOT network (that has a solar inverter, charging station and battery). All three are from different vendors.
I noticed activity that is originating from the gateway inside the IOT network (diagram attached). I thought it was a bit strange that the gateway was trying open SSH or http connections to hosts inside the IOT network.
But perhaps it is not strange, and it is intended behavior from ntopng to check open ports on hosts? Can someone confirm/deny this ?
I noticed activity that is originating from the gateway inside the IOT network (diagram attached). I thought it was a bit strange that the gateway was trying open SSH or http connections to hosts inside the IOT network.
But perhaps it is not strange, and it is intended behavior from ntopng to check open ports on hosts? Can someone confirm/deny this ?
6
24.1 Legacy Series / Re: no route to internet from downstream gateway
« on: July 23, 2024, 05:21:00 pm »
Thanks to the both of you. I switched to hybrid mode for NAT and added a manual rule for the 192.168.130.0 network.
Works now :-)
Works now :-)
7
24.1 Legacy Series / Re: no route to internet from downstream gateway
« on: July 23, 2024, 04:18:31 pm »
NAT is set to "Automatic outbound NAT rule generation".
Perhaps a manual NAT rule needs to be created ?
Perhaps a manual NAT rule needs to be created ?
8
24.1 Legacy Series / no route to internet from downstream gateway
« on: July 23, 2024, 01:29:09 pm »
I have a few VLANs in my homelab that need to be able to reach the internet (diagram is in the attachment)
My test "server" VLAN is sitting behind a router that is NOT my opnsense box. I created a transit vlan between that router and my opnsense firewall. I put in the correct route back to the 192.168.130.0 network through the 172.16.0.2 gateway in the transit network (otherwise no ping reply) and I have opened up the firewall to allow this traffic to go anywhere when originating from the transit network.
When I put a network client into my 192.168.130.0 subnet, I can ping the default gateway in that subnet (192.168.130.1), and I can ping the firewall interface of the transit subnet I created (172.16.0.1).
However, a host in 192.168.130.0/25 cannot reach (not even ping) the internet. The firewall log shows traffic is allowed to pass, but I don't get a ping reply.
Any other network I created that is "'directly" attached to the OPnsense FW works flawlessy (e.g. the services network).
Am I missing a route or default gateway somewhere ? Is it because the 192.168.130.0 network is not "known" to OPnsense ?
(PS: I'm not a routing specialist, I'm a hobbyist so do bear with me when I ask something stupid).
My test "server" VLAN is sitting behind a router that is NOT my opnsense box. I created a transit vlan between that router and my opnsense firewall. I put in the correct route back to the 192.168.130.0 network through the 172.16.0.2 gateway in the transit network (otherwise no ping reply) and I have opened up the firewall to allow this traffic to go anywhere when originating from the transit network.
When I put a network client into my 192.168.130.0 subnet, I can ping the default gateway in that subnet (192.168.130.1), and I can ping the firewall interface of the transit subnet I created (172.16.0.1).
However, a host in 192.168.130.0/25 cannot reach (not even ping) the internet. The firewall log shows traffic is allowed to pass, but I don't get a ping reply.
Any other network I created that is "'directly" attached to the OPnsense FW works flawlessy (e.g. the services network).
Am I missing a route or default gateway somewhere ? Is it because the 192.168.130.0 network is not "known" to OPnsense ?
(PS: I'm not a routing specialist, I'm a hobbyist so do bear with me when I ask something stupid).
9
Intrusion Detection and Prevention / Re: VLAN access to internet and not to LAN
« on: November 06, 2023, 02:05:16 pm »
as I'm new to OPNsense, the fact that "*" is the internet is imho a bit confusing, as putting "*" as destination also allows access to LAN.
but this does help a lot. thanks Patrick
br,
Bram
but this does help a lot. thanks Patrick
br,
Bram
10
Intrusion Detection and Prevention / VLAN access to internet and not to LAN
« on: November 06, 2023, 01:51:36 pm »
Hi,
I have created a new VLAN (10). That VLAN needs access to internet, and certain LAN services.
DHCP is working fine, and I have added port 53 for access to Unbound DNS on the firewall. However, when I want to allow HTTP to internet, it does not work. The destination "WAN net" does not work. When I allow * as destination, it does work, but that also allows access to LAN resources using HTTP, which is something I don't want.
What am I doing wrong ?
I have created a new VLAN (10). That VLAN needs access to internet, and certain LAN services.
DHCP is working fine, and I have added port 53 for access to Unbound DNS on the firewall. However, when I want to allow HTTP to internet, it does not work. The destination "WAN net" does not work. When I allow * as destination, it does work, but that also allows access to LAN resources using HTTP, which is something I don't want.
What am I doing wrong ?
11
Zenarmor (Sensei) / Re: Zenarmor not reporting anymore after upgrade to OPNsense 23.7.7_1
« on: October 26, 2023, 10:33:01 pm »
And 2 hours later some pieces are working fine again, but the Threats and Connections reports or Live Sessions are still showing "There is no data to display".
Perhaps the Elastic Search reporting backend needs to catch up after the upgrade.
Perhaps the Elastic Search reporting backend needs to catch up after the upgrade.
12
Zenarmor (Sensei) / Zenarmor not reporting anymore after upgrade to OPNsense 23.7.7_1
« on: October 26, 2023, 09:32:35 pm »
I just upgraded my OPNSense FW to the latest version. Zenarmor Engine, Reporting Database and Cloud Agent are all running, but I don't see any traffic (not under Reports, not under Live Sessions, not under Activity Explorer) since that update.
Has anyone experienced this issue too ? I do think Zenarmor is working in the background (blocks ads etc).
The ZEnarmor plugins have all been updated to the latest version
os-sensei (installed) 1.15.2
os-sensei-agent (installed) 1.15.2
os-sensei-updater (installed) 1.15
os-sunnyvalley (installed) 1.3
These plugins are showing as "N/A" under Tier. Is that normal ? All other plugins show e.g. Tier 3
Has anyone experienced this issue too ? I do think Zenarmor is working in the background (blocks ads etc).
The ZEnarmor plugins have all been updated to the latest version
os-sensei (installed) 1.15.2
os-sensei-agent (installed) 1.15.2
os-sensei-updater (installed) 1.15
os-sunnyvalley (installed) 1.3
These plugins are showing as "N/A" under Tier. Is that normal ? All other plugins show e.g. Tier 3
Pages: [1]