Sensei on OPNsense - Application based filtering

Started by mb, August 25, 2018, 03:38:14 AM

Previous topic - Next topic
Print
Go Down Pages 1 ... 59 60 61 62 63 ... 79
User actions
May 18, 2020, 08:42:30 PM #900 Last Edit: May 19, 2020, 09:14:45 AM by nikkon
Thank you.
super helpfull. I should have spend more time looking for it.

DEC750 Deciso
May 19, 2020, 09:15:06 AM #901

Unfortunately I cannot make any change to the live sessions. I can see the session policy but can't modify any
DEC750 Deciso
May 19, 2020, 06:24:08 PM #902
Quote from: nikkon on May 19, 2020, 09:15:06 AM

Unfortunately I cannot make any change to the live sessions. I can see the session policy but can't modify any


Really? Not seeing this?
May 20, 2020, 06:54:40 PM #903 Last Edit: May 21, 2020, 03:36:04 AM by mb
Dear Sensei users,

If you're using Mongodb as the db backend, please postpone your OPNsense 20.1.7 update a bit since we're trying to verify if evertyhing works with the current Sensei release.

We'll post an update later today once we have the confirmation.

Elasticsearch looks fine.

UPDATE 5/20/20 10:00 PT:
20.1.7's new PHP package is incompatible with Mongodb. New package build in progress. ETA 3 hours.

UPDATE 5/20/20 18:35 PT:
Mongodb users can update to 1.5_1 to handle the incompatibility. 1.5_1 will automatically fix the problem behind the scenes.
May 21, 2020, 10:45:24 AM #904
Hi,

there seems to be a bug, that using Drill Down/Session Details of ipv6 addresses is not possible because of additional \ characters

Problem:
a) Selection of an ip6-address 2aaa:1234:1234:1234:1234:1234:1234:1234 in a chart of the Dashboard screen.
b) Source Hostname is now: 2aaa\:1234\:1234\:1234\:1234\:1234\:1234\:1234
c) => no results

Workaround:
manual filter Source-Hostname 2aaa:1234:1234:1234:1234:1234:1234:1234
=> expected results

Could you please fix this?
May 21, 2020, 03:09:32 PM #905
Quote from: binaryanomaly on May 19, 2020, 06:24:08 PM
Quote from: nikkon on May 19, 2020, 09:15:06 AM

Unfortunately I cannot make any change to the live sessions. I can see the session policy but can't modify any


Really? Not seeing this?

No i don't have the options you show me.
see the attached file
DEC750 Deciso
May 21, 2020, 03:11:53 PM #906
Quote from: nikkon on May 21, 2020, 03:09:32 PM
Quote from: binaryanomaly on May 19, 2020, 06:24:08 PM
Quote from: nikkon on May 19, 2020, 09:15:06 AM

Unfortunately I cannot make any change to the live sessions. I can see the session policy but can't modify any


Really? Not seeing this?

No i don't have the options you show me.
see the attached file


Could you show the session being blocked in the Blocks / Live web explorer?
May 21, 2020, 10:37:10 PM #907
Yes. The session seems blocked and none of the lan clients can access the website. If I stop Sensei engine it works


Sent from my iPad using Tapatalk
DEC750 Deciso
May 23, 2020, 02:44:35 AM #908
Hi @nikkon, send a problem report and the team will have a look at it.
May 23, 2020, 02:45:52 AM #909
Dear Sensei users,

As promised, we've[1] kicked off another project which focuses on killing remaining netmap bugs on HardenedBSD 12 (FreeBSD 12).

Please see the main topic here:

https://forum.opnsense.org/index.php?topic=17363.0
May 23, 2020, 10:06:40 PM #910
Thx for the news about the netmap changes.

I disable the cache in pihole and still cannot see local resolved hostnames in sensei's reports.
Dns Crypt proxy is used though.
Can I change anything to resolve the hostnames or will you guys add an option update to handle this case?

Furthermore do you have a date for the update to automaticly impoert / update custom block lists like in pihole, etc?

Thx
May 24, 2020, 07:15:49 PM #911
Quote from: mb on May 23, 2020, 02:44:35 AM
Hi @nikkon, send a problem report and the team will have a look at it.
Ok. I will
DEC750 Deciso
May 24, 2020, 09:23:25 PM #912
I have the home edition.

Reporting configuration suggests Elasticsearch can be used. I would like to forware this to my ELK stack.

The help page says "Sensei Premium can stream data to external remote Elasticsearch or MongoDB servers for log parsing and Security Information and Event Management (SIEM) system integration. In the Configuration section of the Sensei OPNsense portal select the Reporting & Data tab."

However, there is no such section on my reporting page.

Any ideas?

PS - would it be worth this forum having a seperate OpnSense subforum, as searching through one single long thread is a little tricky.
May 30, 2020, 01:29:20 AM #913
Hi @sol,

Are you using DnsCrypt Proxy on the firewall? If so, since it runs on WAN, it should not interfere with Sensei.

Are you sure DNS traffic (querying local hostnames) is passing through the Sensei protected interface?
To make sure this is the case, you can run a quick tcpdump session and check if you can see any dns/mdns/llmnr requests for local devices.

For the custom block lists: it's not yet in the short-term roadmap :(
May 30, 2020, 01:30:04 AM #914
Hi @mittenz,

With home edition, you can completely offload your database to a remote ES instance. But beware this option is only configurable during initial configuration wizard:
Backup Sensei && Uninstall Sensei && Install Sensei and during initial config, select remote ES as the database.

Here's a quick blog post explaining this in detail:
https://www.sunnyvalley.io/post/using-remote-elasticsearch-for-sensei-reporting/

About subforum: Good idea, thanks for the suggestion. Let me discuss this with the OPNsense team. Maybe we can have this under a section called "Third Party Tools".
Print
Go Up Pages 1 ... 59 60 61 62 63 ... 79
User actions