Additional platforms - how does that work?

Started by allebone, March 18, 2021, 12:33:19 AM

I see the latest release says it supports additional platforms. How does that work exactly? It seems heavily integrated into opnsense.

Pete

March 18, 2021, 01:08:55 AM #1 Last Edit: March 18, 2021, 05:33:36 AM by mb
Hi Pete,

Documentation will follow shortly on this. Let me try to provide a bit of early information here.

Apart from OPNsense, 1.8 currently supports FreeBSD 11 & 12, CentOS 7 & 8, Ubuntu 18.04 & 20.04 and Debian 9 & 10.

Unlike Sensei on OPNsense, for the new platforms we do not provide the management plane on the deployed machine; rather, the management is through Cloud Portal. So you need to have a Cloud Portal account for this: https://sunnyvalley.cloud

On the target platforms, the packet engine itself (sensei package) is deployed along with the cloud communication agent (sensei-agent package).

To install sensei on one of these platforms, run the one-liner below and it should download and install the sensei and sensei-agent packages:

curl https://updates.sunnyvalley.io/getsensei.sh -o getsensei.sh && sudo sh ./getsensei.sh

This script basically installs the Sunny Valley package repository and installs the following packages:

sensei
sensei-agent

After the package installation, run the cloud registration and you'll see the new platform popping up in the list of firewalls.

user@ubuntu:~$ sudo senseictl cloud register
[sudo] password for user:       

        Sunny Valley Networks Cloud Management Portal
        Node Registration Utility

        This utility registers your system with Sunny Valley Networks Cloud Portal
        We need your Cloud Portal authentication credentials for:
        https://sunnyvalley.cloud

        If you have not set your password before, you can do that from 'My Account'
       
Please enter your Cloud Portal e-mail:


Removing is as easy as stopping the engine and cloud services and removing the packages with your package manager:

# service eastpect stop
# service senpai stop
# apt remove sensei
# apt remove sensei-agent



For the reporting, you can utilize either an Elasticsearch instance (cloud or your own) or the local SQLite database (embedded, no installation required).

For filtering, Cloud Portal will have the Central Policies functionality ready late this month or early next month. So these functionalities will be available after a while. You also need netmap (for FreeBSD you already have netmap; for Linux, you'll need to install it manually; instructions to follow).

You'll be able to use the same cloud-based policies across all your deployments.

I hope this provides some early information.
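The removal sequence from the post above, written as a small shell helper. This is an added example, not code from the forum post or from Sunny Valley: the service names (eastpect, senpai) and package names (sensei, sensei-agent) come from the post, while the per-platform remove commands (pkg delete, yum remove, apt-get remove) and the /etc/os-release detection are my assumptions, since the post only shows the apt form.

```shell
#!/bin/sh
# Added example helper (not from the forum post or from Sunny Valley).
# Steps follow the post: stop the packet engine (eastpect) and the cloud
# agent (senpai), then remove the sensei and sensei-agent packages.
# Assumption: package-manager commands per platform are mine, chosen for
# the distributions the post lists (FreeBSD, CentOS, Ubuntu, Debian).

# Map a platform id (uname -s / os-release ID, lowercased) to a remove command.
sensei_pkg_remove_cmd() {
    case "$1" in
        freebsd)        echo "pkg delete -y" ;;
        centos|rhel)    echo "yum remove -y" ;;
        ubuntu|debian)  echo "apt-get remove -y" ;;
        *)              return 1 ;;
    esac
}

# Detect the platform id: uname on FreeBSD, /etc/os-release ID on Linux.
sensei_platform_id() {
    if [ "$(uname -s)" = "FreeBSD" ]; then
        echo freebsd
    elif [ -r /etc/os-release ]; then
        . /etc/os-release
        echo "$ID"
    else
        return 1
    fi
}

# Print (dry run) or execute the removal sequence for a platform id.
# $1 = platform id, $2 = "run" to execute; anything else only prints.
sensei_remove() {
    cmd=$(sensei_pkg_remove_cmd "$1") || {
        echo "unsupported platform: $1" >&2
        return 1
    }
    for step in "service eastpect stop" "service senpai stop" \
                "$cmd sensei" "$cmd sensei-agent"; do
        if [ "$2" = "run" ]; then
            $step || return 1   # stop at the first failing step
        else
            echo "$step"
        fi
    done
}

# Example: show what would be run on the detected platform.
# sensei_remove "$(sensei_platform_id)" dry
```

Use `sensei_remove "$(sensei_platform_id)" run` as root to actually stop the services and remove the packages.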



March 25, 2021, 08:51:20 AM #4 Last Edit: March 25, 2021, 10:22:21 AM by opnip
One short question about deployment. Is it also possible to use it in a bridged environment? This means I use a Sensei Linux/FreeBSD box inline (bridged between firewall and main switch)? I would like to use my existing firewall (right now not OPNsense) and switch. Or is it better to use the "routed mode"?

Stack:
Client --> Switch --> Sensei (bridge or routing mode) --> Firewall --> Internet

Hi @opnip,

Bridge mode requires a bit of hardware-specific configuration, which we have not fully automated yet. This is why it's in an experimental state.

Having said that, if your LAN/WAN ethernet adapters have single RX/TX queues (or you can manually configure them to use a single queue), you are good to go. Sensei will act like a filtering bridge behind your firewall.

One more note: Bridge mode is not yet available for the new platforms. It's OPNsense only for the time being.


The plans are a bit confusing on this front. Are we able to manage Unix/BSD installs with the home plan, or is that blocked? Central Policy is listed as not for paid home use, BUT how then are we able to manage the firewall?

Hi @jclendineng,

Thanks for this question. I guess the "Centralized Policy Management" and "Cloud Management" terms are close and maybe prone to misunderstanding.

With the Cloud Management capability (available in the Free Edition) you are able to manage the sensei functionality on individual firewalls. This means you can view their reports, create/delete/manage policies, etc. on an individual firewall basis.

A Centralized Policy means that you have a single centralized policy which gets applied to many firewalls at once. So instead of configuring the individual policies on the individual firewalls one by one, you create a single policy and push it to all / a group of firewalls.

Centralized Reporting is similar to Centralized Policy, where you can view the reports of all / a group of firewalls from a single pane.

Cloud Management is available for the Free Edition, whereas Centralized Policy/Reporting are available in their respective paid plans.

Hope this makes this more clear.

PS: We'll shortly roll out improved product documentation, which will also include Cloud Management.

Thank you for that. I assumed that was the case but wanted to double check.

Quote from: mb on May 05, 2021, 12:21:57 AM
Hi @jclendineng,

Thanks for this question. I guess the "Centralized Policy Management" and "Cloud Management" terms are close and maybe prone to misunderstanding.

With the Cloud Management capability (available in the Free Edition) you are able to manage the sensei functionality on individual firewalls. This means you can view their reports, create/delete/manage policies, etc. on an individual firewall basis.

A Centralized Policy means that you have a single centralized policy which gets applied to many firewalls at once. So instead of configuring the individual policies on the individual firewalls one by one, you create a single policy and push it to all / a group of firewalls.

Centralized Reporting is similar to Centralized Policy, where you can view the reports of all / a group of firewalls from a single pane.

Cloud Management is available for the Free Edition, whereas Centralized Policy/Reporting are available in their respective paid plans.

Hope this makes this more clear.

PS: We'll shortly roll out improved product documentation, which will also include Cloud Management.

What is the timeline for this? Reporting is basically a graph that tells me something happened somewhere... no real information. You mentioned drill down and live block are coming in .10? Is that still on track? Thanks!

Hi @jclendineng,

You should already have the "drill-down" feature:
https://www.sunnyvalley.io/docs/reporting-analytics/report-view-configuration#applying-generic-filterexclusion-on-a-report-view

Blocking has been introduced with 1.9. For Linux, you'll need to manually compile & install the netmap module (documentation to follow this month). For FreeBSD, since netmap is embedded in the kernel, you don't need this step.

Live Reports & using subscriptions on the new platforms are going to be shipped with the 1.9.1 release, which is scheduled for early next week.

We believe that with 1.9.1, the new platforms will also reach a state where you'll be able to do reporting / blocking almost as well as on OPNsense.

I hope this answers your question. Please feel free to ask if you have further questions.

Yes, that's fantastic! Thanks. I'm going to be using this headless on BSD, separate from the opnsense installation.

What about the "Session Details"? Is that coming in some form?


Hi @jclendineng,

1.9.1 is released today. Cloud Live Session Explorer is one of the features brought by this release.