Zenarmor 1.10 MAC address exemption?

Started by athurdent, October 15, 2021, 05:14:17 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 15, 2021, 05:14:17 AM
Hi @mb,
thanks for the new version, still exploring all the new features! :-)

I have noticed though that I cannot seem to exempt a MAC address in configuration? While the policies have that possibility now, we can't seem to use it to disregard a MAC completely?
BTW, in the past I have noticed that if I put an IP there, it's not counted anymore, but running a speed test from that IP, Sensei would still use vast amounts of CPU. So it seems that feature did not stop Sensei from processing the packets, just not apply anything to them anymore? Would be cool if we could have the engine bypassed completely for something entered there.
October 16, 2021, 02:19:57 AM #1
Hi @athurdent,

It's our pleasure. I hope you are liking it so far.

Yes, MAC addresses have been introduced to Policies and Reporting. Not yet for bypassing the traffic. A bit of information there:

The reason you're still seeing CPU activity even though you've bypassed an IP address is that it still hits the packet engine.

Although the engine does not apply packet inspection and/or filtering etc, netmap still has to process it, deliver it to the zenarmor engine and re-transmit it to the network stack. This sometimes might be another bottleneck.
October 16, 2021, 10:34:01 AM #2 Last Edit: October 16, 2021, 10:38:06 AM by athurdent
Quote from: mb on October 16, 2021, 02:19:57 AM
Hi @athurdent,

It's our pleasure. I hope you are liking it so far.

Yes, MAC addresses have been introduced to Policies and Reporting. Not yet for bypassing the traffic. A bit of information there:

The reason you're still seeing CPU activity even though you've bypassed an IP address is that it still hits the packet engine.

Although the engine does not apply packet inspection and/or filtering etc, netmap still has to process it, deliver it to the zenarmor engine and re-transmit it to the network stack. This sometimes might be another bottleneck.

Hi @mb,

As always, thank you for you valuable input and explanations!
I really like the new name and the new functions!

If I had 3 wishes, they would be:

- a few more policies for the home subscription, to make your average network security admin happy, who's coming home from working with Checkpoint and Cisco. This way we could cover the basics, with a policy each for guest, IoT, kids and parents. Plus one or two to experiment with.
- an iPhone app to view statistics and configure, or at least a couch-friendly mobile cloud website view for a smartphone. ATM, I fail to unfold the "Firewalls" menu using Safari with an iPhone 13 Pro, so I cannot use the cloud view at all.
- Icons for the services (e.g. Netflix, Youtube, Twitter, etc.) would be a great eye candy.

Anyways, thank you for being so active on the forum!

Edit: I failed to mention that I don't want anything for free, I'd pay for a "Home Plus" subscription and also for an app of course... ;-)

October 16, 2021, 04:01:30 PM #3 Last Edit: October 16, 2021, 04:05:49 PM by JasonJoel
Quote from: athurdent on October 16, 2021, 10:34:01 AM
- a few more policies for the home subscription, to make your average network security admin happy, who's coming home from working with Checkpoint and Cisco. This way we could cover the basics, with a policy each for guest, IoT, kids and parents. Plus one or two to experiment with.

This times 1000. ZenArmor identifying traffic is next to useless if you can't actually use that introspection to DO SOMETHING. And with only 3 policies available, you can't do much of anything if you have a main,  guest, and IoT VLAN - which many people do these days...

Throw in kids vs adult policy needs and you definitely can't do what you need in 3 policies... This is 100% a deal breaker/will not renew my subscription issue for me. So I guess after 11/28 you won't have to put up with my complaining any more.
October 18, 2021, 02:48:33 AM #4
@athurdent, @jasonjoel thanks for the feedback and suggestions.

I've informed the team about them. Quick question:

What would be the top 3 functionalities you'd like to see in a mobile-friendly cloud portal?

As for the home subscription & number of policies. All noted. We've done a user survey and attempted to create a solution to be able to offer an extended home subscription. So far, it turned out to be a bit difficult to differentiate the SOHO and Home version. This is likely to change later in the coming year; and we hope to get back with good news.

October 18, 2021, 05:45:53 AM #5
Hi @ mb,

Thank you for your feedback and for listening, highly appreciated!

While it would be great to have a full mobile experience, I'd mainly use it for viewing statistics and drilling down to hosts. In general, the home view (the one with the bar graphs, you get when repeatedly clicking on Home) could be pretty mobile friendly. I also like that it shows traffic usage in e.g. GB, that is pretty useful. Top X clickable bar graphs seem a good choice, hovering over something with a touch display is always a bit user unfriendly on mobile.

So, my top 3:
- quickly identify threats/blocked traffic and see which hosts are affected (bar graphs, like the current landig page/Home view)
- check reports and DPI statistics, get an overview of apps/urls/accumulated traffic used by hosts. Like the current Home view, but it should have drill down functionality for hosts and apps (also with bar graphs)
- firewall health and statistics

Would also be cool to generally have an email functionality that instantly reports compromised hosts or severe threats, so we can act quickly on them.
October 19, 2021, 02:11:06 AM #6
@athurdent, thanks, all noted.

Instant Notifications (UI/Email) for Important Threat Alerts are on our agenda. 1.10 laid a great deal of the groundwork for us.
October 19, 2021, 05:36:58 AM #7
@mb, awesome thank you very much!
October 20, 2021, 03:50:29 PM #8
Quote from: JasonJoel on October 16, 2021, 04:01:30 PM
Quote from: athurdent on October 16, 2021, 10:34:01 AM
- a few more policies for the home subscription, to make your average network security admin happy, who's coming home from working with Checkpoint and Cisco. This way we could cover the basics, with a policy each for guest, IoT, kids and parents. Plus one or two to experiment with.

This times 1000. ZenArmor identifying traffic is next to useless if you can't actually use that introspection to DO SOMETHING. And with only 3 policies available, you can't do much of anything if you have a main,  guest, and IoT VLAN - which many people do these days...

Throw in kids vs adult policy needs and you definitely can't do what you need in 3 policies... This is 100% a deal breaker/will not renew my subscription issue for me. So I guess after 11/28 you won't have to put up with my complaining any more.

Your multiple x 1000 again.  ;D
Print
Go Up Pages1
User actions