Topic: Benefits of zenarmor over suricata? (Read 5220 times)
QuaCKeReD
Newbie
Posts: 16
Karma: 0
Benefits of zenarmor over suricata?
« on: August 03, 2022, 09:57:52 pm »
Hi All
Pretty new here. Still trying to find my feet.
One question I have is around zenarmor and suricata solutions on OPNsense.
Could someone please let me know the benefits of both?
I am struggling to understand why I should use one over the other - do they provide the same protection, are they complementary to each other, etc.
Any help greatly received 😀
Unit: Protectli VP2410
CPU: Intel Celeron® J4125 Quad Core at 2 GHz (Burst up to 2.7 GHz)
RAM: 16GB DDR4
SSD: 256GB M.2 SATA
Broadband: Virgin Media VOLT
Down: 1.2Gbps
Up: 55Mbps
sy
Hero Member
Posts: 595
Karma: 44
Re: Benefits of zenarmor over suricata?
« Reply #1 on: August 05, 2022, 04:40:03 pm »
Hi,
You can use both in a scenario that protects the WAN side with Suricata and the LAN side with Zenarmor.
Suricata will detect and prevent intrusions on the WAN side, and Zenarmor will inspect user traffic on an application basis and report on it in detail. Please see the following documents for the details.
https://www.sunnyvalley.io/docs/#about
https://www.sunnyvalley.io/docs/network-security-tutorials/what-is-intrusion-detection-system#what-are-intrusion-detection-system-ids-tools
QuaCKeReD
Newbie
Posts: 16
Karma: 0
Re: Benefits of zenarmor over suricata?
« Reply #2 on: August 05, 2022, 04:57:28 pm »
Thanks 😀 Pretty much what my reading had led to.
On the Zenarmor pages in OPNsense, the only interfaces listed are non-WAN ones. Yet, when linking to the Cloud Portal, an option appears to add the WAN interface, too.
Is this advisable - to use zenarmor for both internal and external interfaces?
rudiservo
Newbie
Posts: 27
Karma: 2
Re: Benefits of zenarmor over suricata?
« Reply #3 on: August 06, 2022, 01:41:24 pm »
Quote from: QuaCKeReD on August 05, 2022, 04:57:28 pm
Is this advisable - to use zenarmor for both internal and external interfaces?
Not really a good idea.
I.e., if you have a DMZ, the added overhead for serving requests will skyrocket and you will have double the logs for the same traffic; also, you might not want to put some internal interfaces.
Also, Zenarmor has exceptions for certain domains you add and also might have based on traffic going in the interface, not out.
I.e., it might consider every external connection in the WAN interface as an internal device, so naturally Zenarmor might consider that you have +1000 devices that aren't really yours; that might not do well in the database and also in the way it logs and analyzes traffic.
It all depends on how Zenarmor is implemented.
Honestly, I would keep Suricata with Hyperscan for WAN interfaces and Zenarmor for analyzing and protecting internal interfaces for your end users.
For DMZ you have other stuff like WAF (web application firewall) on nginx.
QuaCKeReD
Newbie
Posts: 16
Karma: 0
Re: Benefits of zenarmor over suricata?
« Reply #4 on: August 06, 2022, 03:07:18 pm »
Thanks!
Does hyperscan work better for suricata on Protectli devices than the default?