Sensei on OPNsense - Application based filtering

Started by mb, August 25, 2018, 03:38:14 AM

Uninstalled and reinstalled from opnsense-firmware-plugins: 1.5.2 missing

@yeraycito, give it one more try. 1.5.2 is there now.


Quote from: mb on June 30, 2020, 06:55:48 PM
@GreenMatter, this is caused by a bug in earlier versions. Though it is fixed in 1.5.2, the erroneous entry is still in the database, so you still experience the problem.

I'll share a simple command which will get it sorted out.

For the cloud query, you can only specify a single domain name there, since it was meant to whitelist the local network. However, domains ending in ".local", ".localdomain", ".lan", ".intra", ".intranet", ".bind", ".home", ".mshome", ".corp", ".mail", ".group", ".workgroup" are considered local and do not get queried from the cloud.


Thanks @mb!
I've just received a prompt reply from support and running following command:
echo -n "delete from user_configuration where id = 2;" |sqlite3 /usr/local/sensei/userdefined/config/settings.db
has fixed an issue...
And thanks for updating Sensei plans!
OPNsense on:
Intel(R) Xeon(R) E-2278G CPU @ 3.40GHz (4 cores)
8 GB RAM
50 GB HDD
and plenty of vlans ;-)
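The one-liner above deletes a row by hard-coded id with no backup and no look at what is being removed. The following is an added example (not part of the post and not Sensei's own tooling) of the same fix done with a copy of the database taken first and the row shown before it goes. The table name user_configuration and the id 2 come from the command in the thread; the column layout (id, domain) is an assumption used only to build a stand-in database for the demo, so the real settings.db may have a different schema.

```python
"""Backup, inspect, then delete one row from a Sensei-style settings.db.

Added example for the forum thread, not Sensei code. The table name and the
row id come from the posted command; the columns are an ASSUMPTION used only
to construct a stand-in database so the flow can run offline.
"""
import shutil
import sqlite3
import tempfile
from datetime import datetime
from pathlib import Path
from typing import Optional, Tuple

TABLE = "user_configuration"


def build_stand_in_db(path: Path) -> None:
    """Constructed database mimicking an erroneous (empty) entry at id 2."""
    con = sqlite3.connect(path)
    with con:  # commits on success, rolls back on exception
        con.execute(f"CREATE TABLE {TABLE} (id INTEGER PRIMARY KEY, domain TEXT)")
        con.executemany(
            f"INSERT INTO {TABLE} (id, domain) VALUES (?, ?)",
            [(1, "corp.example"), (2, ""), (3, "lab.local")],
        )
    con.close()


def backup_db(db_path: Path) -> Path:
    """Copy the database next to itself before touching it; returns the copy."""
    stamp = datetime.now().strftime("%Y%m%d-%H%M%S%f")
    dst = db_path.with_name(f"{db_path.name}.{stamp}.bak")
    shutil.copy2(db_path, dst)
    return dst


def show_row(db_path: Path, row_id: int) -> Optional[Tuple]:
    """Return the row that would be deleted, or None if it is not there."""
    con = sqlite3.connect(db_path)
    try:
        return con.execute(f"SELECT * FROM {TABLE} WHERE id = ?", (row_id,)).fetchone()
    finally:
        con.close()


def delete_row(db_path: Path, row_id: int) -> int:
    """Delete the row by primary key inside a transaction; returns rows removed."""
    con = sqlite3.connect(db_path)
    try:
        with con:
            return con.execute(f"DELETE FROM {TABLE} WHERE id = ?", (row_id,)).rowcount
    finally:
        con.close()


def cleanup(db_path: Path, row_id: int = 2) -> dict:
    """Safer equivalent of the thread's one-liner: backup, inspect, delete, re-check."""
    backup = backup_db(db_path)
    before = show_row(db_path, row_id)
    removed = delete_row(db_path, row_id) if before is not None else 0
    return {
        "db": db_path,
        "backup": backup,
        "before": before,
        "removed": removed,
        "after": show_row(db_path, row_id),
    }


def demo() -> dict:
    """Run the whole flow against a constructed settings.db in a temp directory."""
    tmp = Path(tempfile.mkdtemp())
    db = tmp / "settings.db"
    build_stand_in_db(db)
    return cleanup(db, 2)


if __name__ == "__main__":
    print(demo())
```

Against the real file you would call cleanup(Path("/usr/local/sensei/userdefined/config/settings.db")) instead of demo(). As a general SQLite precaution, do this while the application that owns the file is not writing to it, otherwise you can hit lock errors or remove a row the engine immediately re-creates.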

If you need to update it from the console..... Sensei: Status - Engine version - check updates?
os-sensei-updater?


If I have multiple policies, does their order make any difference?
For example, I have 2 almost identical policies: #1 is the main one, set to vlan13; #2 is a copy with an additionally blocked app, set to the vlan13 subnet (I couldn't choose the same vlan13) and with an active schedule (on & off).
So now policies order is as follow:
Default
#2
#1


If it is like that:
Default
#1
#2
would it change anything?
OPNsense on:
Intel(R) Xeon(R) E-2278G CPU @ 3.40GHz (4 cores)
8 GB RAM
50 GB HDD
and plenty of vlans ;-)

After installing version 1.5.2 I tried to install wireguard but it didn't work. I have uninstalled wireguard and restarted opnsense and mongodb does not start.

July 03, 2020, 07:45:03 AM #952 Last Edit: July 03, 2020, 07:57:53 AM by mb
Hi @GreenMatter,

Yes, policy order does matter. Suppose that you have:

Default
Policy 1
Policy 2

Engine tries to match in this order:
Policy 1
Policy 2
if none matches assigns Default policy.

With 1.6, we've changed the display order so it will be just as it is evaluated:
Policy 1,
Policy 2,
Default

PS: in case you did not notice: you can re-order policies in the policy list view which is displayed when you click on the Policies from the left menu.

Quote from: yeraycito on July 03, 2020, 02:24:13 AM
After installing version 1.5.2 I tried to install wireguard but it didn't work. I have uninstalled wireguard and restarted opnsense and mongodb does not start.

Hi @yeraycito,

Might be that wireguard has a clashing dependency. Let's have a look here.

Anyhow, to re-install just do:

pkg remove mongodb40
pkg install mongodb40
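The first-match rule mb describes (policies tried top to bottom, Default when none matches) decides GreenMatter's question: if policy #1 is bound to the whole vlan13 interface and sits above #2, #2 is never reached, whatever its schedule. The following is an added example, not Sensei's engine code, that models that selection. The match criteria (interface name, source subnet, an optional on/off schedule that must be active for the policy to match) and the sample policies and sessions are assumptions constructed from GreenMatter's description.

```python
"""First-match policy selection as described in the thread.

Added example, not Sensei code. Match criteria (interface, subnet, schedule
window that must be active), the policies P1/P2 and the sessions are
ASSUMPTIONS constructed to mirror GreenMatter's vlan13 setup.
"""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Policy:
    name: str
    interface: Optional[str] = None                 # ingress VLAN interface to match
    subnet: Optional[str] = None                    # source subnet to match
    schedule: Optional[Tuple[time, time]] = None    # policy matches only inside this window
    blocked_apps: frozenset = frozenset()


@dataclass(frozen=True)
class Session:
    interface: str
    src_ip: str
    when: datetime


def matches(policy: Policy, s: Session) -> bool:
    """A policy matches when every criterion it defines holds for the session."""
    if policy.interface is not None and policy.interface != s.interface:
        return False
    if policy.subnet is not None and ip_address(s.src_ip) not in ip_network(policy.subnet):
        return False
    if policy.schedule is not None:
        start, end = policy.schedule
        if not (start <= s.when.time() < end):
            return False
    return True


def select_policy(ordered: List[Policy], default: Policy, s: Session) -> Policy:
    """Engine semantics from mb's reply: first match in list order, else Default."""
    for p in ordered:
        if matches(p, s):
            return p
    return default


# Constructed policies: #1 covers the whole vlan13 interface; #2 covers the
# vlan13 subnet, blocks one more app, and is active only in the evening.
DEFAULT = Policy("Default")
P1 = Policy("#1", interface="vlan13", blocked_apps=frozenset({"bittorrent"}))
P2 = Policy("#2", subnet="192.168.13.0/24", schedule=(time(21, 0), time(23, 59, 59)),
            blocked_apps=frozenset({"bittorrent", "youtube"}))


def which(order: List[Policy], s: Session) -> str:
    return select_policy(order, DEFAULT, s).name


def demo() -> dict:
    evening = Session("vlan13", "192.168.13.42", datetime(2020, 7, 3, 22, 0))
    morning = Session("vlan13", "192.168.13.42", datetime(2020, 7, 3, 9, 0))
    other = Session("vlan20", "192.168.20.7", datetime(2020, 7, 3, 22, 0))
    return {
        "#2 above #1, evening": which([P2, P1], evening),  # #2 active, wins
        "#2 above #1, morning": which([P2, P1], morning),  # schedule off, falls to #1
        "#1 above #2, evening": which([P1, P2], evening),  # #1 shadows #2 entirely
        "other vlan": which([P1, P2], other),              # nothing matches: Default
    }


if __name__ == "__main__":
    for case, name in demo().items():
        print(f"{case}: {name}")
```

The shadowing case is the one to check in the Policies view: a broad policy placed above a narrower one with the same scope makes the narrower one dead, which is why the 1.6 display order (Default last, the others in evaluation order) is easier to reason about.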


Quote from: mb on July 03, 2020, 07:48:03 AM
Quote from: yeraycito on July 03, 2020, 02:24:13 AM
After installing version 1.5.2 I tried to install wireguard but it didn't work. I have uninstalled wireguard and restarted opnsense and mongodb does not start.

Hi @yeraycito,

Might be that wireguard has a clashing dependency. Let's have a look here.

Anyhow, to re-install just do:

pkg remove mongodb40
pkg install mongodb40

It worked, thanks.

I have a few questions about sensei,

1. I have a home subscription. Is TLS/SSL inspection available for home users (if so, how do I set it up)?
2. Is it possible to view blocks in a table format so I can easily see which website has been blocked?
3. There is a template block page set up to show when a website is being blocked, but I almost never see this page when a site is blocked. Is it possible to show this block page on SSL connections? (It's a little confusing now because I see an error page that says dns_probe_finished or connection_closed, so I don't know if this was Sensei blocking the page or if my DNS has some issues. To check, I have to go through reports in Sensei, so that's my reason for question 2.)

Thanks!

Hi @actionhenkt,

1. TLS/SSL inspection will be on the premium (will be renamed to enterprise soon) tier.
2. Sure, you have it already. Go to Reports -> Blocks -> Live Blocked Sessions Explorer. This shows in real time which connections are blocked and for what reason.
3. Yes, please see this FAQ entry:
https://help.sunnyvalley.io/hc/en-us/articles/360025100613-FAQ#h_3fc561e1-efd2-4e19-8cc7-accb5b2ebaac


Dear Sensei users,

As this is a very much requested feature, I feel like I should let you know now:

Beginning with release 1.6, Sensei will have two more dns enrichment sources

1. The engine will do an active real-time reverse PTR query in case it cannot find immediate DNS enrichment data from previous attempts (available in the home and higher subscription tiers).

2. Also, it'll utilize and prioritize OPNsense alias definitions if you have created a Host alias (will be available in all tiers).

We hope to ship 1.6 later this month.

Stay safe & healthy,
Sensei team
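The announcement above describes where a hostname for an IP can come from (a Host alias, DNS data already seen, and, failing that, an active reverse PTR query), and mb's earlier reply on the cloud query lists the suffixes treated as local and never sent to the cloud. The following is an added example, not Sensei's code, that puts the two together as one enrichment step. The exact precedence (alias first, then previously seen DNS data, then PTR), the shape of the cache, and the injected ptr_lookup callable are assumptions; a constructed table stands in for the resolver so the example runs offline.

```python
"""Hostname enrichment with alias > seen-DNS > reverse-PTR precedence, plus the
local-suffix gate for cloud queries.

Added example, not Sensei code. Precedence, data shapes and the constructed
lookup tables are ASSUMPTIONS; the suffix list is the one given in the thread.
"""
from typing import Callable, Dict, Optional, Tuple

# Suffixes the thread lists as "local"; names ending in these are not sent to the cloud.
LOCAL_SUFFIXES = (".local", ".localdomain", ".lan", ".intra", ".intranet", ".bind",
                  ".home", ".mshome", ".corp", ".mail", ".group", ".workgroup")


def is_local_name(name: str) -> bool:
    """Suffix match on the final label, case-insensitive, trailing dot tolerated."""
    n = name.rstrip(".").lower()
    return any(n.endswith(s) for s in LOCAL_SUFFIXES)


def enrich(ip: str,
           aliases: Dict[str, str],
           seen_dns: Dict[str, str],
           ptr_lookup: Callable[[str], Optional[str]]) -> Tuple[Optional[str], str]:
    """Return (hostname, source) where source is alias, seen-dns, ptr or none."""
    if ip in aliases:                 # OPNsense Host alias wins over everything
        return aliases[ip], "alias"
    if ip in seen_dns:                # answer observed earlier, no new query needed
        return seen_dns[ip], "seen-dns"
    name = ptr_lookup(ip)             # last resort: active reverse lookup
    if name:
        return name.rstrip("."), "ptr"
    return None, "none"


def should_query_cloud(hostname: Optional[str]) -> bool:
    """Only non-empty, non-local names are eligible for the cloud query."""
    return hostname is not None and not is_local_name(hostname)


# Constructed tables standing in for the alias list, passive DNS cache and resolver.
ALIASES = {"10.0.0.5": "nas.corp"}
SEEN_DNS = {"10.0.0.5": "stale-name.example.org", "93.184.216.34": "example.com"}
PTR_TABLE = {"10.0.0.9": "PRINTER.Lan.", "10.0.0.5": "other.example.org"}


def ptr_lookup(ip: str) -> Optional[str]:
    """Stand-in for socket.gethostbyaddr so the example runs offline."""
    return PTR_TABLE.get(ip)


def demo() -> dict:
    out = {}
    for ip in ("10.0.0.5", "93.184.216.34", "10.0.0.9", "10.0.0.77"):
        host, source = enrich(ip, ALIASES, SEEN_DNS, ptr_lookup)
        out[ip] = (host, source, should_query_cloud(host))
    return out


if __name__ == "__main__":
    for ip, (host, source, cloud) in demo().items():
        print(f"{ip:15} {host!s:28} via {source:9} cloud={cloud}")
```

Note that 10.0.0.5 resolves through the alias even though both the cache and PTR table have other names for it, and that a PTR answer in mixed case with a trailing dot is still recognised as local and kept out of the cloud query.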

After the latest update I cannot see sessions in Reports > Blocks anymore, so I cannot add exceptions for single destinations.
Any suggestion?

During high network utilization I see..

0% /usr/local/sensei/output/active/temp [ufs]

go above 100% - is that normal?