Skip to main content

Cloud Threat Intelligence

Cloud Threat Intelligence tab provides you with the ability to manage the cloud threat intelligence servers for querying real time information about threat intelligence and web categorization.

The following options are available on this page:

  • Enabling/Disabling the Cloud Reputation & Web Categorization

  • Clearing the Cache

  • Excluding the Local Domains

  • Selecting Cloud Reputation Servers

You may configure the Zenarmor Cloud Threat Intelligence options by navigating to ZenarmorConfigurationCloud Threat Intelligence on OPNsense web GUI.

Configuration - Cloud Threat Intelligence

Figure 1: Configuration - Cloud Threat Intelligence

Enabling Cloud Reputation & Web Categorization

To enable/disable updates from cloud threat intelligence servers:

  1. Turn on/off the toggle button on the first line of the pane
  2. Click Save Changes at the end of the pane.
info

It is recommended that you should enable this feature for effective application and web filtering.

Clearing Cache

You can also use the Clear Cloud Cache function to delete all cached categorization information. Zenarmor (Sensei) caches the query results for better performance, and periodically checks for updates on the cached items.

info

Clearing the cache might come handy if you want some particular categorization change to get applied immediately.

Clearing Cloud Cache

Figure 2: Clearing Cloud Cache

Local Domain Exclusion

You can configure your local domain names to be excluded from being queried on Cloud Server. This might be handy if you see that your local domain is being categorized as Firstly Seen Sites.

tip

Domains entered here will match for all subdomains and FQDNs. For instance: Example.com will also cover sub.example.com and host.sub.example.com You don`t need to add each subdomain separately.

If you want to exclude your domain,

  1. Enter this in the Local Domain Name to Exclude Cloud Queries field.
  2. Click Save Changes at the end of the pane.

Excluding Local Domain From Cloud Queries

Figure 3: Excluding Local Domain From Cloud Queries

Selecting Cloud Reputation Servers

Cloud Reputation servers will be automatically selected by the engine according to their network response times. Two cloud servers with the best response times will be automatically selected and configured. You can also set them up manually. To set another server,

  1. Click the green checkbox so that the existing cloud server with a bad response time is unselected.
  2. Click the grey checkbox with a minus icon to select the new server.

Selecting Cloud Reputation Servers

Figure 4: Selecting Cloud Reputation Servers

note

Two servers must be configured as Cloud Reputation Server.

You can check the status of the Cloud Reputation Servers by clicking the Re-Check Nodes Status button at the end of the page.