Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Zenarmor (Sensei)
»
Is Squid, ClamAV and Captive Portal still necessary?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Is Squid, ClamAV and Captive Portal still necessary? (Read 2119 times)
WhiteTiger
Jr. Member
Posts: 73
Karma: 1
Is Squid, ClamAV and Captive Portal still necessary?
«
on:
December 06, 2023, 08:09:33 am »
With Zenarmor can I avoid installing Squid for content filtering and ClamAV as antivirus?
Who manages the Captive Portal? OPNSense or Zenarmor?
Logged
beki
Jr. Member
Posts: 93
Karma: 10
Re: Is Squid, ClamAV and Captive Portal still necessary?
«
Reply #1 on:
December 06, 2023, 08:25:43 am »
Hi WhiteTiger,
Zenarmor has a powerful web filtering and application control mechanism with a rich and up-to-date threat intelligence database.
Especially essential and advanced security rules safeguard your clients against malicious websites that contain malware, virus. Antivirus protection and sandboxing feature will be available in the future releases.
https://www.zenarmor.com/roadmap
Zenarmor runs independently from OPNsense fw rules and plugins.
You can easily configure captive portal on OPNsense and integrate it with Zenarmor for user-based filtering.
https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-captive-portal-on-opnsense
https://www.zenarmor.com/docs/guides/user-based-filtering-using-opnsense-captive-portal
Bests
Logged
meyergru
Hero Member
Posts: 1682
Karma: 165
IT Aficionado
Re: Is Squid, ClamAV and Captive Portal still necessary?
«
Reply #2 on:
December 06, 2023, 10:26:12 am »
There is a principal difference in what you can do by terminating traffic in a proxy like squid and looking at the traffic flowing by with zenarmor when encryption comes into play.
In order to be able to inspect the content (e.g. to scan for viruses), you have to enencrypt the traffic, which is only possible by terminating it. This has other drawbacks, like having to include the proxy CA in the end devices.
So, the answer to your question depends on what you expect from a specific solution.
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1598
Karma: 176
Re: Is Squid, ClamAV and Captive Portal still necessary?
«
Reply #3 on:
December 06, 2023, 10:30:30 am »
Since viruses affect endpoints (usually Microsoft Windows), using a proper Endpoint Protection with central Management is way more efficient than using a MITM. Also, decrypting and encrypting all traffic is a big security risk in itself.
Logged
Hardware:
DEC740
meyergru
Hero Member
Posts: 1682
Karma: 165
IT Aficionado
Re: Is Squid, ClamAV and Captive Portal still necessary?
«
Reply #4 on:
December 06, 2023, 10:34:48 am »
Correct, but as far as the question goes, zenarmor is no endpoint protection, so waging a proxy solution against zenarmor, the latter cannot prevent viruses. I agree that because of the drawbacks of MITM, protection on the endpoint is best.
Or shorter: To have virus protection, you cannot use zenarmor, you could (but should not) use central scanning via a proxy, what you really should do it have virus protection on the endpoints.
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
WhiteTiger
Jr. Member
Posts: 73
Karma: 1
Re: Is Squid, ClamAV and Captive Portal still necessary?
«
Reply #5 on:
December 06, 2023, 02:15:07 pm »
I don't want to use MITM, too many complications to handle.
I currently use Squid with Transparent HTTP.
The PCs already have an Antivirus, but I wanted to activate one on the firewall for greater protection by being able to block malware before it even reaches the network.
If Zenarmor doesn't have it and if MITM is needed in any case, then I prefer not to install it and in the future deactivate Squid.
For protection, should I install Suricata or do I already have similar protection on Zenarmor?
However, I can't understand why the HTTPS filter with Squid needs MITM, but the HTTPS filter on Zenarmor doesn't need it.
Logged
meyergru
Hero Member
Posts: 1682
Karma: 165
IT Aficionado
Re: Is Squid, ClamAV and Captive Portal still necessary?
«
Reply #6 on:
December 06, 2023, 04:10:05 pm »
The only thing zenarmor can do
without MITM
is analyze the initial phase of the HTTPS TLS connection, where there the host part of the URL is specified. That is a bit better than to use the IP only, because so it can discriminate between different sites on the same host, thereby enabling blocking based on presumed content type of the specific website (i.e. the connection is dropped directly after a malicious or otherwise unwanted site is detected).
However it cannot look at the content of the pages or downloaded files, i.e. virus-scanning is impossible. Once the encrypted connection is established, zenarmor is essentially blind.
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Zenarmor (Sensei)
»
Is Squid, ClamAV and Captive Portal still necessary?