English Forums > Zenarmor (Sensei)
Sensei on OPNsense - Application based filtering
mb:
Hello,
I'm Murat, founder of Sunny Valley Networks, the company behind Sensei.
Very much pleased to meet the OPNsense community.
I've seen a thread about Sensei in the forum, so I thought it might be a good idea to start a dedicated topic to help people with the software.
Sensei is a plugin for firewalls which complement them with features like Application Filtering, Advanced Network Visibility and Cloud Application Control. Currently, Sensei community edition is available for OPNsense platform.
I've seen that some members have already downloaded and trying Sensei. Many thanks for that. We're grateful.
I've created this topic about Sensei to help you to try it out, and try to solve any problems you guys might have encountered.
Although we reached our target number of beta testers, we always have room for forum members.
If you're interested in trying it, please do not hesitate to contact me privately. I can share the URL to the latest installer.
Very much looking forward to reading your feedback and helping you with the software.
More information about Sensei can be found on the product web page: https://sunnyvalley.io/sensei
All the best
Murat
marjohn56:
Thanks to @mb for sending me a link to test this. This is a quick summery of my first impressions, also to prevent any cross-contamination issues I did a clean install using zfs and then bootstrapped opnsense install. Firmware flavour is development and core upgrade carried out.
Installation was straight forward as was configuration. Initial configuration left me with zero information, this appears to be because I had selected the LAN as the interface to monitor, however, my LAN is a bridge, changing this to the OPT1,OPT2,OPT3 interfaces solved this and then it all started working well.
Note I am using this on a Qotom i5 with 8Gb RAM. It is recommended that this is the minimum requirement for a 100 user system. On my test system there is minimal extra load on the CPU, but my test system is limited to only two devices attached to the LAN.
My first impressions are that is a very impressive package, it will be interesting to see what the differences will be between the commercial and community editions are when that time arrives.
mb:
@marjohn56, many thanks for giving Sensei a try and providing feedback. This is very valuable for us.
Glad to hear that installation & configuration went smooth.
Sensei utilizes netmap behind the scenes, which does not play well with bridged interfaces. Netmap in FreeBSD 11.x, which OPNsense is based on is quite old. I think we can also contribute to OPNsense team with an improved netmap support. I believe this will also help resolve some Suricata issues.
We'd love to hear about performance figures with a larger user base if you happen to have access to one. Currently the largest deployment we know of is 200 Mbps sustained WAN throughput with about 850 users. HW is an old HP DL360-g8 (xeon e5-2450L @1.8GHz) and 16GB RAM.
Delighted to see that product is up to the duty.
Enterprise <-> Community edition work is ongoing. For now I'm happy to tell that community edition for OPNsense will always be there and forever free.
Mundan101:
I have sensei up at running and so far so good!
marjohn56:
--- Quote from: Mundan101 on August 29, 2018, 02:01:30 pm ---I have sensei up at running and so far so good!
--- End quote ---
Just in case @mb has not told you, IPv6 is still WIP, so v4 only for now, still cool though :)
Navigation
[0] Message Index
[#] Next page
Go to full version