Cancelling my subscription: feedback on the home-user value proposition

Started by dinguz, June 26, 2026, 09:21:12 PM

Previous topic - Next topic
I've run Zenarmor for 5 years now, and I've decided to cancel my subscription (turned off auto-renewal). The form on the website only allows 200 characters, so wanted to lay out the reasoning properly here, partly as feedback, partly because I suspect other home/SOHO users are weighing the same trade-off.

The core issue is that the value-for-money for a non-commercial, single-site deployment has eroded over time. Each release seems to move more functionality behind premium tiers priced for businesses, not individuals. That's a reasonable strategy if the target market is enterprise, but it leaves home users increasingly squeezed: paying for capability that used to be standard, or going without.

The development roadmap also reads as enterprise-first. Centralized management, multi-tenant features, advanced reporting: all sensible for MSPs and larger deployments, but largely irrelevant to a single firewall at home.

What tipped this from "frustrating" to "not worth it" is multi-core support being restricted to paid subscriptions. For anyone running OPNsense on older or budget hardware, that's not a nice-to-have, it's the difference between Zenarmor being usable at all and pegging a single core under load. Gating it behind a premium plan effectively prices out the exact hardware profile where the feature matters most.

For context: as a home/SOHO user I've never minded being treated as a kind of beta tester. I appreciate the direct line to the developers through the forum and email, and genuinely enjoy contributing to the product's development. That's actually what makes this decision sting more than a simple price complaint would: paying for what is, in practice, a deliberately limited version of the product feels at odds with that relationship.

I don't doubt the engineering effort behind the product, and I understand a company needs a sustainable business model. But the current tiering no longer makes sense for my use case, so I'll be switching back to a lighter inline IDS/IPS setup. Curious whether others here have reached the same conclusion or found a tier that still works for home use.
Note: This post may have been lightly edited by AI for spelling and minor readability improvements. The content and findings are entirely my own.

I don't have a paid subscription but I was at the start very willing to be helpful and was engaged with their support team to help them help me diagnose problems and in return they got to improve their product. It felt the fair tradeoff of being early user/tester for a free product. All as expected.
As time has gone by I am more and more disheartened with the trajectory so far taken, in that it feels now they've had our use, they can move to their paying market with a more mature product.
Again, not unexpected BUT as with the functionality gone that used to be free and the main one, multicore, exactly as you have clearly explained, has had me 1) wondering if it is still worth the machine's stress for what it gets 2) whether to stop using it.
It seems the balance against us is too uneven. The impression that they have taken without giving back to balance the scales a bit for us early testers is the more bitter one.

A similar thinking is growing with Crowdsec to be honest but this is not the place for this one.

So yes, same impressions, same fork in the road. No decision taken yet but feels close. I don't know yet what will replace it though.

Hi dinguz and cookiemonster

Rest assured. You're not, and will not be forgotten.

I'm Murat, founder and CEO of Zenarmor. dinguz, I know you from the very early days in the forum, so I wanted to reply directly.

I'd like to use this opportunity now to have a hear-to-heart conversation about our Home offering, because home subscription has been one of our hardest balancing acts since day one.

The challenge is to find a fine balance between providing the most value to our valued practitioners at a reasonable price point and also make sure what we're doing here is not hurting our B2B business revenue.

This is a real challenge because we have the privilege of working with such amazing people like you who have such advanced networks that you can only find in sophisticated organizations... homelab networks with 42U racks, active/active hypervisors running Active Directory, Active/Passive Firewalls, file servers, kubernetes clusters.., you name it.

We have done multiple iterations of improvements to the home plan, all based on practitioner feedback. The most recent one was back last year, and it seems to have met with satisfaction at large. On the other hand, I must say although we're explicitly telling the home plan is for non-commercial use, we were surprised to become aware of some large scale deployments of home subscription in some organizations. To that end, on the other hand, for some businesses, home subscription is even very powerful.

Our intention has been and will be not to remove any functionality that is already present in our home and even on our free offering. They're there to stay.

However, I understand that home tier might still be missing some functionality that some power practitioners might expect, or some newly introduced capability might also be useful for them.

Our solution to this is the "SASE Starter" program. It's the extended version of our prior Zenarmor Tinkerer Club (ZTC). Here, we're providing the entire feature-set to you with pricing reduced to home plan pricing. It has all the bells and whistles of our most advanced offering like full TLS inspection, multi-core support, CASB, SWG and even ZTNA. 

Similar to ZTC, it's invite-only and there's a vetting process, but unlike ZTC, inclusion criteria is not limited to SASE experience, but IT/network/security practitioners are eligible to benefit from the program for their personal, non-commercial use. If you are interested, simply reach out to us by sending an email to support - at - zenarmor.com and let us know you would like to be included in the program. There's a quick vetting process, but since you two and also many in this forum are already known to us, it'll be quite fast.

I also want to be clear about how the Home plan fits into our broader direction as a company.

The main trajectory for the company is to continue shipping and improving the industry's first and only ubiquitous, single-stack, single-pass and single-app enterprise network security stack. It's getting more and more recognition in the industry and is introducing a completely novel way to protect modern distributed networks for hybrid organizations.

Regarding the standard Home plan.. Our intention is to keep it, and to keep improving it where we can. That's not because it's a significant part of our revenue — it's a small percentage of it — but because we owe a debt of gratitude to practitioners like you who helped build this product in its early years.

Thank you both for years of pushing us to be better. That's not something we take lightly.


Hello mb,

Personally I do understand, why you would not want to implement Multi-core support into the HOME subs. As you mentioned yourself, companies are already abusing it. But on the other hand for us, the Home LABers and community Home sub, is ours to use.

We often over-exceed the deployments of SOHO/Medium sized Companies, just for the pleasure of fun/learning or personal need. While trying to be power efficient.
And exactly here is where a lot of us already are beyond 1-2.5G LAN speeds and need 10G InterVLAN throughput.

We mostly do not need any of the SASE features, but we need the raw performance.
The base features in Home sub are perfect for Home use, but the performance is a hurtle.



I do not want to go bad at you but,

Maybe it would be a good idea to have more awareness about the "SASE Starter" program here on the forum for people in the community.
As this would sooth the peoples worries.

The whole point why people were outraged in first place, was the uncertainty and lack of communication around the Multi-core support.
1. It was not properly communicated
2. People had to literary data-mine information about the Multi-core
3. When directly asked about this, nobody from ZA provided a direct answer


Similar to cookie & dinguz,
I myself allocated a lot of time Tshooting ZA, problems, BUGs and even finding few attack vectors. Sharing all of this with support, having bridge calls & con-joined Tshooting. Working with your engineers & developers is a pleasure, because they know what they are doing if they get all the pieces of the info.

So you can imagine now, how back-stabbed it felt to see that Home subs will not receive the MC support and communication around it was very bad.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
N355 - i226-V | AQC113C | 16G | 500G - PROD

PRXMX
N5105 - i226-V | 2x8G | 512G - NODE #1
N100 - i226-V | 16G | 1T - NODE #2

@cookiemonster: I'm interested in the discussion about CrowdSec.

The product is free (security engine, scenarios, vpatch, WAF rules, Claude skill, etc.) and is MIT-licensed.
A blocklist is shared amongst users who share signals, for free, and many more are also free of charge.
There is 0 cost on the OpnSense integration.

So I'd be interested to understand your feelings better (or maybe it's about the SaaS console)?
If you have time and the will to discuss this, please PM me.

@philippe_crowdsec

I also ran CrowdSec, put in quite some effort to set up a multi-node configuration with acquis on all my backend applications where collections were available etc. I even initiated the CrowdSec-Caddy integration on OPNsense.

My main points I found a bit dissatisfying:

- Distributed setup is a real pain when the hub is to be OPNsense, because credentials remote machines use to send events get overwritten every so often if you are not ultra careful. OK, operator error, but a bit of POLA violation, too. Reset to localhost and new secret happens much too easily.
- The blocklists available for free tier users are not well maintained and essentially worthless. Specifically while free tier users contribute to the main CrowdSec blocklist we do not get to subscribe to it for free.
- There is no affordable (like 100 $/€/£ per year) subscription offer for home users which I would seriously consider.

So I stopped using it entirely. I currently have a running subscription for Q-Feeds and I am quite satisfied with the results.

Kind regards,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)