Zenarmor (Sensei) Paid Editions Feature Guide
Premium in this guide refers to the Zenarmor Paid Subscription Tiers (Home, SOHO, Business) and some features may vary depending on the type of Subscription. Please see "Plans & Pricing" for a complete feature comparison.
Zenarmor Premium Features extend the capabilities of OPNsense to include advanced security and threat protection with near-real-time threat feeds, web, user and policy-based filtering, SIEM data integration, API access, reporting, and compliance capabilities as well as 24/7 help desk support.
Advanced Threat Protection
Zenarmor Premium provides Advanced Threat Protection against the latest malware, viruses and phishing attacks by blocking websites that are known to host malware and viruses and launch phishing attacks. With Sunny Valley`s Advanced Threat Protection feed, users are provided with near-real-time commercial-grade threat tracking and protection.
In the Zenarmor Policies section select a Policy Name or create a new Policy.
Figure 1. Zenarmor Policies
Next, click on the Security tab.
Figure 2. Policy Security Tab
In the Advanced Security section click on the required selections.
Figure 3. Enabling Advanced Threat Protection
Suspicious Domain Blocking
Zenarmor Premium blocks suspicious domains including expired domains, hacked and newly registered domains (NRDs) favored by threat actors for launching malicious campaigns. Research shows that NRDs, for example, are risky, revealing malicious usage of NRDs for phishing, malware, and online scams. In addition, Zenarmor Premium also blocks any expired DynDNS sites.
Enable domain blocking in the Zenarmor Policies section by clicking on the Policy Name.
Next, click on the Security tab and navigate to the Advanced Security section and make selections.
Figure 4. Domain Blocking Options
Filtering & Compliance
Customized Landing Pages for Blocked Sessions
With Zenarmor Premium, IT administrators can create custom response web pages that are displayed when a user tries to access a blocked URL. With custom HTML pages, messages are displayed when a user requests a web page or file.
To upload or view custom response pages, navigate to Configuration in the Zenarmor section of the OPNsense portal and scroll down to the Landing Page section.
Figure 5. Landing Page
Click View or Download to view the current template or Browse to add a new HTML template.
Figure 6. Custom HTML Template
Web and URL Filtering
Zenarmor Premium lets administrators create customizable web filtering profiles and policies based on a cloud-based web categorization of 300+ Million web sites under 60+ categories.
Enable or disable web and URL filtering controls by navigating to the Web Controls tab in the Policies section. Preset profiles allow for permissive to custom controls.
Figure 7. Web Filtering Profiles
Policy-based controls let users create an unlimited number of policies to customize filtering and controls for different groups of users. With Zenarmor Premium, an unlimited number of policies can be created based on Network Interfaces, VLANs, Subnet / IP addresses and users/groups. All policies are controlled via the Policy Wizard.
To add a new Policy click on Add New Policy in the Zenarmor Policies section of OPNsense.
Next, click on the Policy Configuration tab in the Zenarmor Policy Wizard.
Figure 8. Zenarmor Policy Wizard
Filtering Policies by Interface/VLAN and IP/Network Address.
Enter the VLAN number and IP/Network Address.
Figure 9. Filtering Policies by Interface/VLAN and IP/Network Address
Filtering Policies based on MAC Address and Users and Groups and Schedule
Enter the MAC Address or Group or User and create a Schedule.
Figure 10. MAC Address/Users and Groups based filtering and Scheduling
Once the Policy has been saved by clicking on the Save Policy button on the bottom right of the window, the policy can be managed and edited in the main Policy window.
The Saved Policy can also be managed across Security, Application and Web Controls in the main Policy tab ribbon.
Figure 11. Managing Policies
For more information, please refer to the Managing Policies Zenarmor Granular Policy Configuration Video
By enabling Captive Portal or installing the Zenarmor Active Directory Agent on an Active Directory server, users can be added to OPNsense for User-based filtering.
Zenarmor Active Directory Integration Video
Zenarmor Premium can stream data to external remote Elasticsearch or MongoDB servers for log parsing and Security Information and Event Management (SIEM) system integration. In the Configuration section of the Zenarmor OPNsense portal select the Reporting & Data tab.
Scroll down to the Stream Reporting Data to External Elasticsearch section and enter the URI of the external Elasticsearch Server.
Figure 12. Data Streaming to Elasticsearch
Zenarmor Premium provides API access for Zenarmor engine configuration and management. Rest API Security Tokens can be created by navigating to Configuration and scrolling down to REST API Security Tokens.
Figure 13. REST API Security Tokens
Premium Support provides access to the Sunny Valley Help Desk. Through the SVN Help Desk, users can access configuration and access information, create high-priority support tickets for SVN engineers that are available 24/7.