Zenarmor Application Control on OPNsense
Zenarmor (Sensei)'s Application Control engine uses App DB
to understand and classify the application a particular connection packets carry. The database contains dynamic signatures which hint the packet engine to be able to classify the connections more accurately.
APP DB
is maintained by Sunny Valley Networks. You can update it through Zenarmor-Sensei
→ Status
→ App DB Update & Reload
on OPNsense Web UI.
Categorization
Applications are categorized by their type and listed in a click-to-open tree-view for convenient access.
Figure 1: App Control Settings
Searching Applications to Filter
There are quite many applications here and sometimes it might be hard to just scroll down and navigate through all individual application categories. You can use the Search
field to search and find a specific application. To search for an application in the list just type the application name in the search form.
If you don’t remember the name of the application that you want blocked/allowed, you can also locate it by browsing under the category folder.
To browse, you must click on the orange folder icon.
You can also filter the group of applications from categories. (For example map
as shown in figure 2.)
Figure 2: Dynamic search helps you to filter
Blocking an Application or a Category
Zenarmor allows you to block an application individually as well as an entire application category.
Blocking an application
Zenarmor allows you to block individual applications by clicking on the green check icons located on the left side of each application.
Blocking an entire category
You can also block the entire category by clicking the green check icon located on the left side of the category name.
Figure 3: Blocking Entire Category (Ad Tracker, Ads, Gaming and Instant Messaging categories are blocked)
Defining/Updating A Custom Application
If you want to filter an application that doesn’t exist in our database/list, you can define a custom application.
Define New Custom Application
To define a new custom application you may follow the steps listed below:
- Click on the button
+Add/Edit Custom Applications
on the opening pop-up page. - Enter the name of the application (mandatory field).
- Select the category of the application (mandatory field).
- Define the protocol type (mandatory field).
- Specify the hostnames.
- Specify the IP Address(es) (hostname or IP is mandatory fields, one should be filled).
- Add a description for the application.
- After providing all necessary information for the new application, you need to accept sharing of this application signature with the Zenarmor team to improve App Database quality .
Figure 4. User Acceptance of Privacy Policy
- Click on the
Add New Application
button.
Figure 5. Define New Custom Application
Update/Delete A Custom Application
On the Define new custom application
pop-up page you can update or delete existing applications also.
To update/delete existing custom application you may follow the next steps:
- Start typing application name in the search bar. Results will appear as shown in Figure 6.
- Select the preferred application from the list.
- Update the required fields.
- Click the check box to accept the privacy policy of Zenarmor.
- Click
Update Application
or, clickDelete Application
to delete the application.
Figure 6. Updating Existing Applications
For managing the application list easily you can use shortcut buttons:
- Use the
Display custom application only
toggle button to show only the custom-created applications.
Figure 7. Displaying Custom Applications Only
- Use the
Display recently added application only
toggle button to filter newly registered applications on the Application DB.
- Use the
Collapse All
button to view only App Category Names. - Use the
Expand All
button to view applications’ name under the App Categories.
Activating the rules
When you're ok with the changes you made, click on the Save Changes
button at the lower right corner of the screen to activate the rules.
Testing the results
The rules go in the action immediately after you hit the Save Changes
button. The request silently blackholed on the user's end.
Testing MSN before the Ads blocked
Figure 8. MSN homepage with ads
MSN Homepage after the Ads blocked by Zenarmor silently
Figure 9. MSN homepage without ads