Zero Devices discovered - please help

[Exray]

Good afternoon all,

I have a Glovary N305 box that i have setup between my Modem and my wifi router. This is running the latest version of OPNsense in a transparent filtering bridge and has nothing really running on it besides Zenarmor. I followed the OPNsense guide on setting a transparent filtering bridge so it's the basic setup, a wan port (modem plugs into) a Lan port (goes to my routers WAN port) and another port configured as an admin console port with a static ip. I have a paid subscription to Zenarmor and Zenarmor is set in routed mode with native netmap driver listening to only my LAN port (port that is going to my router). I am getting traffic to work just fine and the Zenarmor is blocking things as it should, everything is working as it should the only issue is under live sessions in the Src hostname all the ip address are the same (my modems public ip) and device everything says Device (none).

When getting google results for this i keep getting conflicting AI search results, sometimes AI says no Zenarmor will not be able to pick up your network devices if sitting behind your router and other times it says YES Zenarmor can pick up all your home network devices behind your router. I have spent countless hours on this, have installed and reinstalled OPNsense a few times. Please provide some guidance before i pull my hair out.

I can provide screenshots if needed. Thank you in advance.

[Patrick M. Hausen]

How does the router connect to the ISP via the modem? Plain Ethernet with DHCP or static configuration or PPPoE?

If the latter a filtering bridge and an IDS cannot inspect that datastream. Fundamentally not.

[Exray]

How does the router connect to the ISP via the modem? Plain Ethernet with DHCP or static configuration or PPPoE?

If the latter a filtering bridge and an IDS cannot inspect that datastream. Fundamentally not.

Yes the router is connected through ethernet and is the device that is doing DHCP. I figured this was the issue but was getting conflicting information on google searches. If i switch my router to act as a access point and switch the DHCP function to OPNsense it should fix this issue correct?

[Patrick M. Hausen]

If the Router is connecting with DHCP and not with PPPoE you should be able to inspect the traffic. But you will of course always see just the IP address of the router and no individual device behind it. If that's what you want - fine.

If you want to see individual devices, you must replace your router with OPNsense.

[Exray]

If the Router is connecting with DHCP and not with PPPoE you should be able to inspect the traffic. But you will of course always see just the IP address of the router and no individual device behind it. If that's what you want - fine.

If you want to see individual devices, you must replace your router with OPNsense.

I really wanted to be able to see the devices on Zenarmor side and that is the main reason i went with the paid option so i can inspect the traffic, but i cant pinpoint the device generating the traffic since everything has the same IP, so i might have to do as you suggested.

Thank you for answering my question you saved me further hours of frustration.

[Patrick M. Hausen]

The router NATs everything to its single address so it should be obvious that Zenarmor cannot distinguish individual devices behind that router.

You could place the filtering bridge behind your router, add an unmanaged switch to the mix and connect all internal devices and OPNsense's LAN to that switch. This way you still keep your router and its DHCP, DNS, etc. services but now Zenarmor sees the devices inside before NAT.

Good luck with your network restructuring.