Skip to main content

Cloud Portal Registration & Initial Configuration

Registering to the Cloud Central Management Portal

After installing the Zenarmor (Sensei) package in your system, it is necessary to register the system to Zenportal (Sunny Valley Networks Cloud Central Management Portal) so that you can enjoy the central cloud management capability.

info

For OPNsense, this step is optional, since Zenarmor OPNsense package has an integrated Management UI

  1. You can either create a new account for the portal or Sign in with Google to the portal.

    1.1. Sign-up for a new account from the Cloud Central Management Portal if you have not done already.

    IMPORTANT NOTE

    If you`ve signed up with Google Authentication and did not create a Zenportal password, you still need to create a password since Google Authentication is not available during the cloud registration stage. Click Cloud Portal Authentication & Password Management Guide for more information about Cloud Portal authentication.

    Your Zenportal authentication credentials are used for registration.

  2. Run the following command as root or user with sudo privileges in your system.

Cloud Registration
sudo zenarmorctl cloud register

This command will prompt you to enter your Zenportal username and password:

Registering to the Zenportal Cloud Central Management Portal

Figure 1: Registering to the Zenportal (Cloud Central Management Portal)

Enter your information here and registration will be completed.

Initial Configuration of A Firewall For the Cloud Central Management Portal

After installing the Zenarmor packages in your system and registering it to Zenportal (Sunny Valley Networks Cloud Central Management Portal), the initial configuration steps explained below must be completed.

This configuration is necessary to connect your inspection agent to the Zenportal so that you can start managing it through the central management interface.

  1. Sign In to the Zenportal.

    Zenportal Sign In Up Page

    Figure 2: Zenportal Sign In/Up Page

  2. Click on the Firewalls tab in the Main Menu of the account dashboard page. This will open the firewall configuration page in a new browser tab.

    Accessing the Firewalls Page from Account Dashboard

    Figure 3. Accessing the Firewalls Page from Account Dashboard.

  3. To add the firewall to the cloud portal, provide the required information about the node.

    Adding a Firewall

    Figure 4. Adding a Firewall

    • First, set a name for the firewall by filling in the Node name field.
    • Reporting database field should be left as SQLite(local) or Elasticsearch (remote). The local Elasticsearch Database is not supported by the systems except Opnsense.
NOTE:

The remote Elasticsearch database does not necessarily need to be outside the system you`re installing the Zenarmor on; it can be on the same system. Remote in this regard means the database is not managed by the Zenarmor package.

SQLite-local Selection as Reporting Database

Figure 5. SQLite(local) Selection as Reporting Database

  • If Elasticsearch is selected as a reporting database, Database URL, Database Username and Database Password fields should be filled in with the values used by your system.

    Remote Elasticsearch Selection as Reporting Database

    Figure 6. Remote Elasticsearch Selection as Reporting Database

  • If you only see Passive Mode(Reporting Only) and not seeing Routed Modes enabled in the Deployment mode drop-down menu; then this means that you don`t have the netmap kernel module loaded on your system. Some advanced capabilities like Filtering, QoS, and TLS Inspection are only available with this deployment mode.

    If you have a Linux-based firewall, you may also select Routed mode with Linux NFQ driver. To be able to use the netmap driver on your Linux firewall you must install and load netmap kernel modules.

    Deployment Mode Selection

    Figure 7. Deployment Mode Selection

  • Then, select the interfaces that you want to be protected by the engine.

    interfaceselectiononcloud.png

    Figure 8. Protected Interface(s) Selection

    warning

    If you have a Suricata on your node, you must select the LAN interface. Click for more information about running Zenarmor along with Suricata.

  • Click Set Security Zone drop down menu to assign a tag for the interface. You may set a custom security zone name or select one of the options available, such as dmz, lan, guest, wifi or wan.

    Setting Custom Security Zone

    Figure 9. Setting Custom Security Zone

  • Click on the Add Firewall button at the end of the page. This will send the configuration to the node. If all is well, the following popup message appears at the right bottom corner of the page.

    Message indicating that your firewall is successfully added

    Figure 10. Message indicating that your firewall is successfully added.

  • By adding a firewall you agree to the Terms of Service and EULA.

    After your firewall is added to the Zenportal, you can manage and view it easily from anywhere around the world by signing in to the Zenportal (Sunny Valley Networks Cloud Central Management Portal).

Zenconsole Cloud Central Management Portal Firewall Dashboard

Figure 11. Zenconsole Firewall Dashboard

Here is a video that will guide you through the steps of the registration and initial configuration process for BSD-based and Linux-based systems: