Zenarmor (Sensei) is an all-software instant firewall that can be deployed onto virtually anywhere.
Thanks to its appliance-free, all-in-one, all-software, light-weight and simple architecture, it can be instantly deployed onto any platform which has network access. Virtual or bare-metal. On-premise or Cloud. Any Cloud...
For open source firewalls; this technology delivers state-of-the-art, next-generation features not currently available in products such as OPNsense. If you are running an L4 firewall (all open source firewalls fall into this category) and need features such as Application Control, Network Analytics, and TLS Inspection, Zenarmor provides these features and more.
The underlying technology behind the product is a very light-weight yet powerful packet inspection core that can provide a wide variety of enterprise-grade network security functions.
Unique Appliance-free Technology
Lightweight and powerful appliance-free technology allows organizations to launch instant firewalls on demand and easily secure environments as small as home networks or scale to multi-cloud deployments. It's as easy as launching an application.
Packet inspection core is powerful enough to protect against encrypted threats while also being so lightweight and nimble that it can even fit in very resource-constrained environments.
Zero-latency Security Stack
Deploy zero-latency security without backhauling data packets back and forth between POPs and datacenters.
Zenarmor’s single-pass architecture processes packets once and for all security controls.
The same security stack runs wherever deployed for an unprecedented level of consistency when applying security policies.
Deploy Anywhere, Rule from the Cloud
Inspect locally, analyze and manage centrally.
Cloud-based management provides control for all policies and network deployments.
Design policies independent of locations and devices and enforce them across all IT environments.
Aggregate and visualize all security telemetry from a single pane of glass. Start from an enterprise-level view and drill down to per-connection details.
Next-generation Firewall Features
- Application Control
- Cloud Application Control (Web 2.0 Controls)
- Advanced Network Analytics
- All-ports full TLS Inspection (for every TCP port, not just HTTPS) *Coming soon
- Cloud Threat Intelligence
- Encrypted Threats Prevention
- Web Filtering and Security
- User-based Filtering and Reporting
- Active Directory Integration
- Policy based filtering and QoS
- Application / Web category based Traffic Shaping and Prioritization
- Cloud based centralized management & Reporting
Zenarmor is currently available for:
- OPNsense ® (OPNsense 19.x - 21.x, fully integrated into the OPNsense WebUI)
- FreeBSD ® (FreeBSD 11,12,13)
- pfSense ® software (pfSense 2.5.x)
- Debian Linux (Debian 10)
- Ubuntu Linux (Ubuntu 18.04 LTS, 20.04 LTS)
- Centos Linux (Centos 7, 8)
- Alma Linux (AlmaLinux 1)
Zenarmor deployments on all Linux platforms as well as on FreeBSD-based firewalls can be managed together and seamlessly from the same pane of glass: Centrailzed Cloud Management Portal
Zenarmor can deploy onto any Cloud environments either as a gateway or on a per-server basis.
Cloud Centralized Policy Management
Create per-firewall or centralized policies and assign them to selected group of firewalls. All with a few clicks and without having to log in to individual firewalls.
Policy restore points provide you with the ability to create backups of policy configurations and revert to a specific configuration within seconds.
Figure 1. Centrally Managed Policies
All of your local and cloud policies are instantly synchronized so that you don't need to worry about manually configuring the other side when you do a policy configuration either in the cloud or in the local OPNsense user interface.
Centralized Reporting and Analytics
Aggregate and visualize all security telemetry from a single pane of glass. Start from the enterprise-level big picture. Drill down to per-connection details.
Trying to keep track of individual systems on a one-by-one basis is an arduous process that is highly likely to cause important alerts to be missed or ignored.
Just like central policy management, Cloud Central Management empowers you with the capability to stream all of your reports to a single project-specific reporting instance. Run your analytics starting from the even bigger picture. Drill down to specific firewalls, and even to individual connections wherever they are.
Figure 2. Centralized Networks Analytics and Reporting
Communication between your firewall and our Cloud servers are secured with 256 bit AES encryption. We employ 2048 bit RSA keys and Mutual TLS (mTLS) authentication to ensure that traffic is secure and trusted in both directions between the firewall and Sunny Valley Networks Cloud Servers.
The privacy-first design prioritizes that minimal possible information is stored in the backend servers and that all information is stored in your devices and be retrieved on-demand when you request to access them through the Cloud Interface.
Cloud agent software is open source. If you need to see what is being exchanged between the Cloud Servers and the firewalls, enable logging, and even more: see the source code for yourself.
For Centralized Reports, you can freely use your own Elasticsearch instances, since they do not have to be hosted in the Cloud. Alternatively, you can also utilize Cloud elastic.co cloud instances. Centralized Reports are also retrieved and displayed through one of your firewalls.
Moreover, you can create centralized reporting instances per project. What this means is that you can group Company A firewalls under a project and assign a single Elasticsearch instance configuration for these group of firewalls.
Zenarmor offers a Free Edition and three paid subscription plans depending on your needs and budget:
The Free Edition is free of charge.
The following paid subscriptions provide a comprehensive set of next-generation firewall features:
- Home Edition
- SOHO Edition
- Business Edition
For a complete feature comparison see: Subscription Plans.
Sensei is re-branded as