Skip to main content

Managing Zenarmor Policies on OPNsense

To manage Zenarmor (Sensei) policies on your OPNsense firewall, navigate to the Zenarmor - SenseiPolicies.

Policy Management

Advanced policy-based filtering is one of the most-loved features of Zenarmor.

Policy List View

Figure 1. Policy List View

With Filtering Policies you can:

  • View the list of the policies
  • View the status of the policies
  • View the status and profiles of the Security, Application & Web Controls
  • Enable/Disable a policy
  • Edit/Delete/Pause/Clone a policy
  • Reorder the policies

To configure the policies, you must first navigate to ZenarmorPolicies in OPNsense GUI.

Policy Actions

In the Policy List View, where all your policies are listed, you can carry out the following management tasks:

  1. Enabling or Disabling
  2. Editing
  3. Deleting
  4. Pausing
  5. Cloning
  6. Ordering

1. Policy Status Enabling/Disabling

You can change the status of the Policy to Enabled or Disabled by clicking on the toogle button shown in figure 2.

Policy Status

Figure 2. Policy Status

2. Editing a Policy

Use the Small Orange Pen icon for editing the existing policy.

3. Deleting Policy

Use the - (minus) icon for deleting the existing Policy.

When you try to delete a pop-up message box will appear to ask “Are you sure”.

Delete Policy warning

Figure 3. Delete Policy Warning

4. Pausing Network Access for a Policy

Use the || (small pause) icon for stopping policy run.

When you try to pause the policy run a pop-up message box will appear to ask “Are you sure you want to continue?”

pause policy warning

Figure 4. Pause Policy Warning

5. Cloning a Policy

Use the small clone icon to create a copy of a policy. When you click on the clone icon, a pop-up message box will prompt you for changing the policy name.

Clone Policy

Figure 5. Cloning a Policy

6. Ordering Policies


Figure 6. Ordering Policies

To change the order of policies in the system, use the “Up or Down” small orange icon (Shown in figure 6).


The order of policies is important for applying rules. The policy which is displayed at the top of the list is evaluated and applied first if matched. The default policy is the fall-back policy which gets applied if no other policies are matching. The default policy’s configuration can not be edited, deleted. It cannot be moved up or down. You can still customize the Security / App / Web Control rules for the Default Policy Security - App Controls - Web Controls tab can be configured.


In the Free Edition, since there’s a single Default Policy, you should customize your rules under the Default Policy.