Cloud Threat Intelligence
The Cloud Threat Intelligence tab lets you manage the cloud threat intelligence servers that are queried for real-time threat intelligence and web categorization information.
The following options are available on this page:
- Enabling/Disabling the Cloud Reputation & Web Categorization
- Clearing the Cache
- Excluding the Local Domains
- Selecting Cloud Reputation Servers
You may configure the Zenarmor Cloud Threat Intelligence options by navigating to Zenarmor → Configuration → Cloud Threat Intelligence on the OPNsense web GUI.
Figure 1: Configuration - Cloud Threat Intelligence
Enabling Cloud Reputation & Web Categorization
To enable/disable updates from cloud threat intelligence servers:
- Turn on/off the toggle button on the first line of the pane.
- Click Save Changes at the end of the pane.
info
It is recommended that you enable this feature for effective application and web filtering.
Clearing Cache
You can also use the Clear Cloud Cache function to delete all cached categorization information. Zenarmor (Sensei) caches the query results for better performance and periodically checks for updates on the cached items.
info
Clearing the cache might come in handy if you want a particular categorization change to be applied immediately.
Figure 2: Clearing Cloud Cache
Local Domain Exclusion
You can configure your local domain names to be excluded from queries to the cloud server. This might be handy if you see that your local domain is being categorized as Firstly Seen Sites.
tip
Domains entered here will match all subdomains and FQDNs. For instance, Example.com will also cover sub.example.com and host.sub.example.com. You don't need to add each subdomain separately.
If you want to exclude your domain:
- Enter it in the Local Domain Name to Exclude Cloud Queries field.
- Click Save Changes at the end of the pane.
Figure 3: Excluding Local Domain From Cloud Queries
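The matching rule from the tip above, as an added sketch (not Zenarmor's own code) for previewing which observed hostnames an exclusion list would keep out of cloud queries. It assumes matching is case-insensitive and aligned on whole DNS labels, so notexample.com is not covered by example.com; the function names and sample hostnames are constructed.

```python
"""Preview which hostnames a local-domain exclusion list would cover.

Added illustration, not Zenarmor code. Assumed: case-insensitive matching
aligned on DNS label boundaries.
"""


def normalize(name: str) -> tuple[str, ...]:
    """Lower-case a domain, drop a trailing root dot, split into labels."""
    labels = name.strip().lower().rstrip(".").split(".")
    if not all(labels):
        raise ValueError(f"empty label in domain: {name!r}")
    return tuple(labels)


def is_excluded(hostname: str, exclusions: list[str]) -> bool:
    """True if hostname equals an excluded domain or is a subdomain of one."""
    host = normalize(hostname)
    for entry in exclusions:
        suffix = normalize(entry)
        # Compare whole labels from the right: example.com covers
        # host.sub.example.com but not notexample.com.
        if len(host) >= len(suffix) and host[-len(suffix):] == suffix:
            return True
    return False


def single_label_entries(exclusions: list[str]) -> list[str]:
    """Entries worth a second look: 'com' would cover every .com host."""
    return [e for e in exclusions if len(normalize(e)) == 1]


def partition(hostnames: list[str], exclusions: list[str]) -> dict[str, list[str]]:
    """Split observed hostnames into those skipped and those still queried."""
    result: dict[str, list[str]] = {"excluded": [], "queried": []}
    for h in hostnames:
        result["excluded" if is_excluded(h, exclusions) else "queried"].append(h)
    return result


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    exclusions = ["Example.com", "corp.internal."]
    seen = ["sub.example.com", "host.sub.example.com", "EXAMPLE.COM",
            "notexample.com", "example.com.evil.test", "db.corp.internal"]
    print(partition(seen, exclusions))
    print("single-label entries:", single_label_entries(["com", "example.com"]))
```

Running it over hostnames exported from your own DNS or firewall logs shows which names would no longer receive a cloud reputation lookup before you save the exclusion.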
Selecting Cloud Reputation Servers
Cloud Reputation servers are selected automatically by the engine according to their network response times: the two cloud servers with the best response times are selected and configured. You can also set them up manually. To set another server:
- Click the green checkbox so that the existing cloud server with a bad response time is unselected.
- Click the grey checkbox with a minus icon to select the new server.
Figure 4: Selecting Cloud Reputation Servers
note
Two servers must be configured as Cloud Reputation Servers.
You can check the status of the Cloud Reputation Servers by clicking the Re-Check Nodes Status button at the end of the page.