Zenarmor Application Control on OPNsense

Zenarmor (Sensei)'s Application Control engine uses the App DB to identify and classify the application that a connection's packets carry. The database contains dynamic signatures that help the packet engine classify connections more accurately.

The App DB is maintained by Sunny Valley Networks. You can update it through Zenarmor-Sensei → Status → App DB Update & Reload on the OPNsense Web UI.

Categorization

Applications are categorized by their type and listed in a click-to-open tree-view for convenient access.

Figure 1: App Control Settings

Searching Applications to Filter

The list contains a large number of applications, and scrolling through every individual application category can be tedious. You can use the Search field to find a specific application: just type the application name in the search form.

If you don’t remember the name of the application that you want blocked/allowed, you can also locate it by browsing under the category folder.

To browse, you must click on the orange folder icon.

You can also filter a group of applications by category (for example, "map", as shown in Figure 2).

Figure 2: Dynamic search helps you to filter

Blocking an Application or a Category

Zenarmor allows you to block an application individually as well as an entire application category.

Blocking an application

Zenarmor allows you to block individual applications by clicking on the green check icons located on the left side of each application.

Blocking an entire category

You can also block the entire category by clicking the green check icon located on the left side of the category name.

Figure 3: Blocking Entire Category (Ad Tracker, Ads, Gaming and Instant Messaging categories are blocked)

Defining/Updating A Custom Application

If you want to filter an application that doesn’t exist in our database/list, you can define a custom application.

Define New Custom Application

To define a new custom application you may follow the steps listed below:

  1. Click on the button +Add/Edit Custom Applications on the opening pop-up page.
  2. Enter the name of the application (mandatory field).
  3. Select the category of the application (mandatory field).
  4. Define the protocol type (mandatory field).
  5. Specify the hostnames.
  6. Specify the IP address(es) (either a hostname or an IP address is mandatory; one of them must be filled in).
  7. Add a description for the application.
  8. After providing all necessary information for the new application, you need to accept sharing of this application signature with the Zenarmor team to improve App Database quality.

Figure 4. User Acceptance of Privacy Policy

  9. Click on the Add New Application button.

Figure 5. Define New Custom Application

Update/Delete A Custom Application

On the Define new custom application pop-up page you can also update or delete existing applications.

To update or delete an existing custom application, follow these steps:

  1. Start typing the application name in the search bar. Results will appear as shown in Figure 6.
  2. Select the preferred application from the list.
  3. Update the required fields.
  4. Click the check box to accept the privacy policy of Zenarmor.
  5. Click Update Application, or click Delete Application to delete the application.

Figure 6. Updating Existing Applications

To manage the application list more easily, you can use the shortcut buttons:

  • Use the Display custom application only toggle button to show only the custom-created applications.

Figure 7. Displaying Custom Applications Only

  • Use the Display recently added application only toggle button to filter newly registered applications on the Application DB.
  • Use the Collapse All button to view only App Category Names.
  • Use the Expand All button to view the application names under the App Categories.

Activating the rules

When you're ok with the changes you made, click on the Save Changes button at the lower right corner of the screen to activate the rules.

Testing the results

The rules go into action immediately after you hit the Save Changes button. The request is silently blackholed on the user's end.

Testing MSN before the ads are blocked

Figure 8. MSN homepage with ads

MSN homepage after the ads are silently blocked by Zenarmor

Figure 9. MSN homepage without ads
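
A scripted version of the check in "Testing the results", added here as an example and not part of the Zenarmor documentation: run from a client behind the firewall, it attempts a TLS connection to each host and compares the outcome with what the policy should produce. It assumes that a blackholed request appears to the client as a timeout; the function names `probe` and `check` and the verdict labels are hypothetical.

```python
import socket
import ssl

def probe(host, port=443, timeout=5.0):
    """Try one TLS connection from a client behind the firewall.
    Returns (verdict, stage), where stage is how far the attempt got."""
    stage = "tcp"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            stage = "tls"
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(raw, server_hostname=host):
                return "REACHABLE", stage
    except socket.gaierror:
        return "DNS_FAIL", "dns"
    except (socket.timeout, TimeoutError):
        return "TIMEOUT", stage      # no answer at all: consistent with a silent drop
    except ConnectionRefusedError:
        return "REFUSED", stage
    except ConnectionResetError:
        return "RESET", stage
    except ssl.SSLError:
        return "TLS_ERROR", stage    # e.g. certificate problem; needs manual review
    except OSError:
        return "ERROR", stage

def check(expectations, port=443, timeout=5.0):
    """expectations maps hostname -> 'blocked' or 'allowed'.
    Returns the entries whose observed behaviour differs from the expectation."""
    meaning = {"REACHABLE": "allowed", "TIMEOUT": "blocked"}
    mismatches = []
    for host, expected in expectations.items():
        verdict, stage = probe(host, port, timeout)
        # Assumption: only a timeout counts as "blocked"; other failures are
        # treated as inconclusive and reported as mismatches.
        if meaning.get(verdict, "inconclusive") != expected:
            mismatches.append((host, expected, verdict, stage))
    return mismatches

if __name__ == "__main__":
    # Constructed stand-in for a blackholed destination: a local listener that
    # completes the TCP handshake in the kernel but never sends a byte.
    silent = socket.socket()
    silent.bind(("127.0.0.1", 0))
    silent.listen(16)
    port = silent.getsockname()[1]
    print(probe("127.0.0.1", port, timeout=1.0))
    # Real use: check({"<host in a blocked category>": "blocked",
    #                  "<host you expect to work>": "allowed"})
```

An empty list from `check` means every host behaved as the policy expects; the stage in each mismatch shows whether the connection stalled before or during the TLS handshake.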