
Zenarmor (Sensei) Paid Editions Feature Guide

Note: Premium in this guide refers to the Zenarmor Paid Subscription Tiers (Home, SOHO, Business) and some features may vary depending on the type of Subscription. Please see "Plans & Pricing" for a complete feature comparison.

Zenarmor Premium Features extend the capabilities of OPNsense to include advanced security and threat protection with near-real-time threat feeds, web, user and policy-based filtering, SIEM data integration, API access, reporting, and compliance capabilities as well as 24/7 help desk support.

Security

Advanced Threat Protection

Zenarmor Premium provides Advanced Threat Protection against the latest malware, viruses and phishing attacks by blocking websites that are known to host malware and viruses and launch phishing attacks. With Sunny Valley's Advanced Threat Protection feed, users are provided with near-real-time commercial-grade threat tracking and protection.

In the Zenarmor Policies section select a Policy Name or create a new Policy.


Figure 1. Zenarmor Policies

Next, click on the Security tab.


Figure 2. Policy Security Tab

In the Advanced Security section click on the required selections.


Figure 3. Enabling Advanced Threat Protection

Suspicious Domain Blocking

Zenarmor Premium blocks suspicious domains, including expired domains, hacked domains, and newly registered domains (NRDs), which are favored by threat actors for launching malicious campaigns. Research shows that NRDs, for example, are risky, with malicious use for phishing, malware, and online scams. In addition, Zenarmor Premium blocks any expired DynDNS sites.

Enable domain blocking in the Zenarmor Policies section by clicking on the Policy Name.

Next, click on the Security tab and navigate to the Advanced Security section and make selections.


Figure 4. Domain Blocking Options

Filtering & Compliance

Customized Landing Pages for Blocked Sessions

With Zenarmor Premium, IT administrators can create custom response web pages that are displayed when a user tries to access a blocked URL. With custom HTML pages, messages are displayed when a user requests a web page or file.

To upload or view custom response pages, navigate to Configuration in the Zenarmor section of the OPNsense portal and scroll down to the Landing Page section.


Figure 5. Landing Page

Click View or Download to view the current template or Browse to add a new HTML template.


Figure 6. Custom HTML Template

Web and URL Filtering

Zenarmor Premium lets administrators create customizable web filtering profiles and policies based on a cloud-based web categorization of 300+ million websites under 60+ categories.

Enable or disable web and URL filtering controls by navigating to the Web Controls tab in the Policies section. Preset profiles allow for permissive to custom controls.


Figure 7. Web Filtering Profiles

Policy-based Filtering

Policy-based controls let users create an unlimited number of policies to customize filtering and controls for different groups of users. With Zenarmor Premium, an unlimited number of policies can be created based on Network Interfaces, VLANs, Subnet / IP addresses and users/groups. All policies are controlled via the Policy Wizard.

To add a new Policy click on Add New Policy in the Zenarmor Policies section of OPNsense.

Next, click on the Policy Configuration tab in the Zenarmor Policy Wizard.


Figure 8. Zenarmor Policy Wizard

Filtering Policies by Interface/VLAN and IP/Network Address.

Enter the VLAN number and IP/Network Address.


Figure 9. Filtering Policies by Interface/VLAN and IP/Network Address

Filtering Policies based on MAC Address and Users and Groups and Schedule

Enter the MAC Address or Group or User and create a Schedule.


Figure 10. MAC Address/Users and Groups based filtering and Scheduling

Once the Policy has been saved by clicking on the Save Policy button on the bottom right of the window, the policy can be managed and edited in the main Policy window.

The Saved Policy can also be managed across Security, Application and Web Controls in the main Policy tab ribbon.

![managepolicy.PNG](/img/zenarmor/guides/paid-editions/1.PNG)

Figure 11. Managing Policies

For more information, please refer to Managing Policies and the Zenarmor Granular Policy Configuration Video.

User-based Filtering

By enabling Captive Portal or installing the Zenarmor Active Directory Agent on an Active Directory server, users can be added to OPNsense for User-based filtering.

Zenarmor Active Directory Integration Video

Integrations

Zenarmor Premium can stream data to external remote Elasticsearch or MongoDB servers for log parsing and Security Information and Event Management (SIEM) system integration. In the Configuration section of the Zenarmor OPNsense portal select the Reporting & Data tab.

Scroll down to the Stream Reporting Data to External Elasticsearch section and enter the URI of the external Elasticsearch Server.


Figure 12. Data Streaming to Elasticsearch

API Access

Zenarmor Premium provides API access for Zenarmor engine configuration and management. REST API Security Tokens can be created by navigating to Configuration and scrolling down to REST API Security Tokens.


Figure 13. REST API Security Tokens

Support

Premium Support provides access to the Sunny Valley Help Desk. Through the SVN Help Desk, users can access configuration and access information, and create high-priority support tickets for SVN engineers, who are available 24/7.